Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd
Hi All!, Yuuppp… It’s me again! XD. As the title suggests, I will share how I found the [Insecure Direct Object Reference] vulnerability in…
Nov 10, 2022

Google VRP — [Insecure Direct Object Reference] $3133.70
Hi All!!!, Yes… it’s me. As usual I want to give a story about how I find IDOR [Insecure Direct Object Reference] vulnerability on one of…
Oct 20, 2022

From Stack Trace Laravel Leads to Privilege Escalation [Admin]
Hi!, In this article I will only tell a little about the findings that I think are interesting to be used as stories on my medium.com xD
Jul 20, 2022

How I Get Pre-Auth Remote Code Execution (CVE-2021-42237) on One of the Vendors.
Hi!!!, In this article I would like to tell you a little about how I accidentally discovered the “Pre-Auth Remote Code Execution…
Jul 6, 2022

The Journey to get “SQL Injection” at BluePay (BLUE Indonesia BluePay) — 2019
Hello, in this article I want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay), I found this vulnerability…
Apr 9, 2022

How I Get ZeroDay Attack UFU leads to RCE on one of the Vendors.
Hello, In this I want to tell you a little about how I accidentally discovered the Unrestricted File Upload attack leads to Remote…
Jan 18, 2022

SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection
Hello, here I just want to tell about my experience finding a real IP using CloudFlare through “SSRF External Interaction” and getting a…
Aug 27, 2021

Bypass WAF 500 Unauthorized Access! to Reflected XSS (Cross Site Scripting) - Developer BCA
Hello, here I just want to share my experience regarding finding the XSS (Cross site scripting) bug at one of the banks in Indonesia…
Mar 1, 2021

Found a simple “Price Parameter Tampering” on IT Bootcamp (Indonesia)
Hello, here I just want to give a little story about the finding of the bug “Price Parameter Tampering” on one of the IT Bootcamp websites…
Dec 6, 2020

Full Path Disclosure at Digital Payments Indonesia
Caesar Evan Santoso's story.
Oct 2, 2020

Penetration Testing using Nmap & GIT Dumper/Extractor (PenTesting From Termux)
Apr 15, 2020

how i found bug on genetics.bwh.harvard.edu
Hello friends… ^-^ I want to share my Write Up because I found Bug Vulnerability on the Harvard.edu subdomain website that is addressed…
Jun 29, 2019