Easy Account Take Over, Fake Authentication?
Hmmmm, maybe you’re wondering what fake authentication is and whether it exists as a term in application security. Before you ask ChatGPT…
Feb 3

Published in InfoSec Write-ups
SQL Injection in The HTTP Custom Header
It has been a long time since my last write-up. In this short write-up I wanna share my last year's findings about SQL Injection that I…
Jun 14, 2023

How I found (P2) Broken Authentication with Zero Skill of Hacking
This is a local bounty program in my country that I recently joined, I choose one of the programs and try to analyze it, this program runs…
Dec 21, 2021

Published in InfoSec Write-ups
ByPass SSL Pinning with IP Forwarding | iptables
After struggling with common tools to bypass SSL pinning, because the app that I’m testing won’t show some HTTPS traffic that I try to…
Dec 6, 2021

Published in InfoSec Write-ups
Bypassing OTP Verification for Changing PIN in Registered Mobile Banking Account.
Assalamu’alaikum (Peace be upon you)
Jul 25, 2021

Account Take Over with HTTP Pollution Attack at Reset Password Functionality
First of all, this is my first write-up about finding or bug when I work as cyber security. And also I try to write this post with English…
Jul 16, 2021