Story of a strange IDOR without ID
Have you ever thought about exploiting an IDOR without any ID!? Returns sensitive data without any specific ID!?
Apr 15, 2024

Published in InfoSec Write-ups
Finding the hidden function led to a $300 IDOR
The story of finding hidden functions which allow me to unauthorized access…
Mar 19, 2024

Published in InfoSec Write-ups
Story of Lock up users’ account by DOS attack cost $1,100
A misconfiguration on reset password led the attacker to block the victim to use their own account.
Mar 6, 2024

Published in InfoSec Write-ups
[CORS] Easy peasy lemon squeezy
This blog post provides an accessible explanation of CORS and its misconfigurations.
Sep 18, 2023

Published in InfoSec Write-ups
An IDOR leads join any group makes me $2,500
Simple IDOR rewards $2,500 💰
Aug 18, 2023

Published in InfoSec Write-ups
Let’s Go For Whole Company
This time we are not going to talk about the effects of a vulnerability on users. We want to talk about taking over an entire organization…
Jul 13, 2023

Published in InfoSec Write-ups
Discovery of an XSS on Opera
Discovering XSS in large companies is one of my hobbies. Today I want to talk about Opera XSS which took 15 minutes. The power of finding…
May 9, 2023

Published in InfoSec Write-ups
Mass Assignment leads to the victim’s account being inaccessible forever
Hi Guys, My name is m7arm4n and today I wanna talk about one of my findings on a private program that was vulnerable to Mass Assignment…
May 4, 2023

Published in InfoSec Write-ups
Unauthorized access to the admin panel via leaked credentials on the WayBackMachine
Hello my friends, Today I want to talk about one of my admin panel bypass methods which leads me to easily bypass the admin panel
May 1, 2023

Published in InfoSec Write-ups
Exploit Privilege Escalation Like a Pro
Here is my Privilege Escalation vulnerability on a private program that let attackers takeover whole company…
Apr 10, 2023