Published in InfoSec Write-ups
Going Crazy with Farming VDPs: Extplorer Admin Panel Bypass & Remote Code Execution (RCE)
Hi guys, I’m YoungVanda and in this write-up, I’ll talk about a very simple CVE which led to over +20 high-critical vulnerabilities …
Sep 24, 2024

Published in InfoSec Write-ups
Meteor Subdomain Takeover
In this write-up I’m gonna talk about Meteor Subdomain Takeover. From a simple recon to one of the trickiest exploitations of my life 😉
Jan 29, 2024

Published in InfoSec Write-ups
The Art of Monitoring Bug Bounty Programs
What would’ve happened if you were the first hunter working on a target? Or if you could possibly see every single change of the programs?
Sep 26, 2023

Published in InfoSec Write-ups
Swagger XSS Mass Hunting
Hi guys, in this write-up, I’m gonna explain my own approach towards Swagger XSS and why I don’t use the Nuclei template (…
Jul 29, 2023

Published in InfoSec Write-ups
My Second VDP Bug Went Critical: Grafana Admin Panel Bypass
Hi guys, in this write-up I wanna talk about my own methodology for finding Grafana admin panel and how I was able to get full access.
May 18, 2023