Hi Guys, Again I'm here to review another of my finding on the Sony program, This write-up is about how to automate process helps you find High or even critical vulnerability easier. What’s the default credential vulnerability !? The term “default credentials vulnerability” describes a security problem where software, hardware…

Hi guys, My name is Arman and you know me as M7arm4n. Today I want to talk about how I was able to access the admin panel in Coca-Cola for the 2022 World Cup 🏆 The essential part of discovering this vulnerability is continuous RECON, about 1 month before Hunting…

Hello dear friends, This write-up is about one of my findings on BugCrowd’s programs that lead attackers to use IDOR to inject XSS payload on the victim profile and send a request to update the password function till change victim's password. Recon is the most important part of the bug…

Hello amazing hunters, Today i want to notice 4 ways to find XSS in file upload that i found all of them in bug bounty programs or pentest programs. Let’s play this game… XSS via SVG file This is my favorite one that leads an attacker to upload an SVG…

Hello amazing hunter, Today I want to tell you a short story but this story has a long memory for me. In this story, I found some vulnerabilities with a payload. Let’s play this game… I decided to hunt a program on Bugcrowd, I had 131 domains to recon. So…

Hello amazing hacker, Today, I want to talk about one of my findings in a private pentest program that leads me to take over other user accounts with one click. …

Hello amazing hunters. Today , I want to tell a story about my favorite endpoint , Again. I noticed in the last story , How i able to takeover user’s account with zero click. Today , I want to try another way to takeover account but this time we need…

Hello amazing hunter. Today, I want to explain one of my favorite reports which lead me to take over any user account without one click from user. My favorite endpoint for test is reset password function; In this endpoint we have a lot of different options for test. Let me…

Hello amazing Hunter. Today I want Talk about one of my Report that i can’t Believe after a long time other Hunters dose not report it as soon as possible. First of all my name is Arman and this is my first post and i hope be Helpful for you…