Pinned
Part 1: How I dumped 5,000,000 emails by reading admin panel JS code.
IDORs, BAC, sensitive file disclosures, source code disclosure, insecure credentials, email HTML injections, XSS, blind XSS, SXSS and so…
Mar 20

Pinned · Published in OSINT Team
How I hacked an Indian University’s CPanel account, email server, EARs, stored XSS, RCE
If you haven’t already read part 1 make sure to check that out here…
Sep 19, 2024

Pinned · Published in OSINT Team
How I got RCE on an Indian university without admin credentials Tale of directory listing, SQL…
Hacking Indian university’s web servers.
Sep 10, 2024

Pinned · Published in The Deep Hub
How 12-year-olds hack thousands of accounts a day
During the COVID-19 era, many teens, locked inside their homes and addicted to video games, started downloading cheats and buying…
Jun 14, 2024

Pinned · Published in OSINT Team
How I hacked a marriage database: tale of IDOR
A Tale of IDOR, PII Disclosure, and Recon Tips
Jun 14, 2024

Published in OSINT Team
How I found XSS, verification bypass, & open redirect in Kamiapp.com accidentally
Why it’s important to always read JS files and look at the console
Aug 26, 2024

Solving Web Assembly CTF the “wrong” way.
How I solved a CTF challenge that uses a Web Assembly module (Binary that’s loaded with JS) to read the flag directly from memory instead…
Aug 14, 2024

Published in The Deep Hub
Hacking websites with PHP Deserialization + LFI + PHP
Using PHP(S) files -> source files instead of PHP to bypass WAF to access source code. From there a deserialization vulnerability can be…
Aug 14, 2024

Overwriting Variables Using C’s printf Vulnerability to Hijack Conditions
This abuses C’s printf functions in programs to overwrite variables with values of our choosing. This type of exploitation is known as…
Aug 9, 2024