Story of a strange IDOR without ID
Have you ever thought about exploiting an IDOR without any ID!? Returns sensitive data without any specific ID!?
Apr 15, 2024

Finding the hidden function led to a $300 IDOR
Published in InfoSec Write-ups. The story of finding hidden functions which allowed me unauthorized access…
Mar 19, 2024

Story of Lock up users' account by DOS attack cost $1,100
Published in InfoSec Write-ups. A misconfiguration in the password reset flow let an attacker block the victim from using their own account.
Mar 6, 2024

[CORS] Easy peasy lemon squeezy
Published in InfoSec Write-ups. This blog post provides an accessible explanation of CORS and its misconfigurations.
Sep 18, 2023

An IDOR leads join any group makes me $2,500
Published in InfoSec Write-ups. Simple IDOR rewards $2,500 💰
Aug 18, 2023

Let's Go For Whole Company
Published in InfoSec Write-ups. This time we are not going to talk about the effects of a vulnerability on users. We want to talk about taking over an entire organization…
Jul 13, 2023

Discovery of an XSS on Opera
Published in InfoSec Write-ups. Discovering XSS in large companies is one of my hobbies. Today I want to talk about an Opera XSS which took 15 minutes. The power of finding…
May 9, 2023

Mass Assignment leads to the victim's account being inaccessible forever
Published in InfoSec Write-ups. Hi Guys, My name is m7arm4n and today I wanna talk about one of my findings on a private program that was vulnerable to Mass Assignment…
May 4, 2023

Unauthorized access to the admin panel via leaked credentials on the WayBackMachine
Published in InfoSec Write-ups. Hello my friends, Today I want to talk about one of my admin panel bypass methods which led me to easily bypass the admin panel.
May 1, 2023

Exploit Privilege Escalation Like a Pro
Published in InfoSec Write-ups. Here is my Privilege Escalation vulnerability on a private program that let attackers take over the whole company…
Apr 10, 2023

Let's Hacking Citizens Bank
Published in InfoSec Write-ups. Hi Guys, Here is another write-up about how I hacked Citizens Bank and how Chrome extensions helped me along the way, be my guest…
Apr 3, 2023

Account Takeover Via Poising Forget Password Port in ASDA
Published in InfoSec Write-ups. Today I want to discuss Host Header Poisoning leading to a one-click account takeover, BUT that wasn't a normal one. Be my guest…
Mar 23, 2023

Default Credentials on Sony - Swag Time
Published in InfoSec Write-ups. Hi Guys, Again I'm here to review another of my findings on the Sony program. This write-up is about how automating the process helps you find…
Mar 10, 2023

Unauthorized Access To Admin Panel via Swagger
Published in InfoSec Write-ups. In this write-up, we review one of my high-impact findings on the Coca-Cola program that led me to Unauthorized Access To Admin Panel via Swagger.
Mar 4, 2023

Zero Click To Account Takeover (IDOR + XSS)
Published in InfoSec Write-ups. Use IDOR & stored XSS to take over a victim's account without any user interaction!!
Dec 21, 2022

Multi XSS Exploit in Upload File
Published in System Weakness. Hello amazing hunters, Today I want to note 4 ways to find XSS in file upload, all of which I found in bug bounty programs or pentests…
Jan 21, 2022

C.S.T.I Lead To Account Takeover $$$
Published in System Weakness. Hello amazing hunter, Today I want to tell you a short story, but this story has a long memory for me. In this story, I found some…
Jan 13, 2022

Host Header Injection Lead To Account Takeover
Published in System Weakness. Hello amazing hacker, Today I want to talk about one of my findings in a private pentest program that led me to take over other users'…
Jan 9, 2022