Published in InfoSec Write-ups
From Demo to Live: Zero-Click Account Takeover via the Same Encryption Algorithm
An encryption algorithm that passes security tests and seems flawless… But once it goes live, imagine accounts being taken over without a…
Feb 5
Published in InfoSec Write-ups
MRS #2: Bypassing premium features by checking “premium validation” parameters (€€€)
Hi, this write-up series was created to share the original reports of some vulnerabilities I found, with the necessary corrections made…
Mar 14, 2024
Published in InfoSec Write-ups
My Report Summaries #1: Project manager can see & download all users’ login history at redacted app…
Hi, this write-up series was created to share the original reports of some vulnerabilities I found, with the necessary corrections made…
Mar 4, 2024
Published in InfoSec Write-ups
Disclosure email address of any Wordpress user via redacted-service
Hello fellas, in this write-up, I’m gonna talk about disclosing email address of any WordPress user by using another service within…
Oct 11, 2023
Published in InfoSec Write-ups
Bypassing email verification of high-profile tech company ($$$)
Hi guys, after almost a year, I thought I should create a new write-up. Today, I’m gonna show you the email verification bypass…
Jul 29, 2023
Published in InfoSec Write-ups
Bypass Apple’s redirection process with the dot (“.”) character
Hi guys, I have been gone for a while but now I’m back and here is a new write-up post. Today, I’m gonna show you the Open Redirection…
Dec 24, 2022
Published in InfoSec Write-ups
Break the Logic: 5 Different Perspectives in Single Page (€1500)
Hello everyone. Today I’m going to talk about five different vulnerabilities that I found on a single page. Three of these vulnerabilities…
Aug 26, 2022
Published in InfoSec Write-ups
Break the Logic: Insecure Parameters (€300)
Hello everyone. Today, I’m going to talk about two minor vulnerabilities based on insecure parameters that I discovered in the same…
Aug 24, 2022
Published in InfoSec Write-ups
Multiple bugs in one program leads to €1500
Hi, today I’m going to talk about three basic vulnerabilities that I discovered in the same program and were rewarded with 1500€.
Aug 2, 2022
Published in InfoSec Write-ups
I mean, IDOR is NOT only about others ID
Hi folks! In this write-up, I’m going to talk about the vulnerability I found to broaden your perspective on IDORs.
Jul 22, 2022