Published in InfoSec Write-ups
Google did an Oopsie: a simple IDOR worth $3,133.7
Tl;dr: Sometimes the bounty is hidden in plain sight — a simple IDOR by changing the Google Drive file ID. Blocked by login/pay wall? Read…
Feb 3

Published in InfoSec Write-ups
The forgotten content : information disclosure and reflected XSS on Tokopedia
Tl;dr: how I found a ‘should be deleted’ content that discloses some sensitive information and is vulnerable to reflected XSS on Tokopedia.
Jun 1, 2020

Published in InfoSec Write-ups
The unexpected bounty: a story of Zendesk takeover on REDACTED.com
Tl;dr: a good-faith-powered report of a subdomain takeover that ended up with a bounty, even though the company itself doesn’t have a Bug…
Jan 25, 2020

Published in InfoSec Write-ups
How i buy a subdomain of Tokopedia’s website (yeah you read it right)
Tl;dr: a subdomain of Tokopedia’s website is pointed to an expired top-level domain available to buy, so obviously I go ahead and buy it.
Jan 20, 2020

Published in InfoSec Write-ups
How Inspect Element lead to Stored XSS on Bukalapak’s website
Tl;dr: a unique high-severity misconfiguration I found on Bukalapak’s website that led to stored XSS, by only inspecting an HTML element.
Dec 23, 2019