Pinned | Published in InfoSec Write-ups | From Cookie to P1: Exploiting a Simple Flaw for Maximum Impact | Hackers can predict session tokens — giving them full access to private accounts. | Feb 15
Pinned | Published in InfoSec Write-ups | Critical Blind SQL Injection leads to $4,134 (7/30 DAYS) | Understanding the Risk: How a Blind SQL Injection Was Discovered in inDrive. | Jan 15
Pinned | Published in OSINT Team | Exposing HTML Injection: $500 Bounty (6/30 DAYS) | How a Researcher Earned $500 for Uncovering a Dangerous HTML Injection Flaw!!! | Jan 8
Pinned | This Simple GraphQL SSRF Bug Earned $3,000 (3/30 DAYS) | I’m a security researcher, and I’ve taken on the challenge of explaining one bug bounty report every day for the next 30 days — 30 days… | Jan 17
Pinned | IDOR Flaw Leads to $1160 Bounty (1/30 DAYS) | I’m a security researcher taking on the challenge of explaining one bug bounty report every day for 30 days. Here’s the first one… | Dec 28, 2024
Published in OSINT Team | Unpatched RCE in Laravel Voyager = Big Bounties! 💰 | Critical RCE vulnerability in Laravel’s popular admin panel | Feb 24
Bug Bounty Methodology: Exploiting Dev & Staging Environments for Maximum Bounty | Why Dev & Staging Environments Are a Goldmine for Bug Hunters Seeking High-Value Exploits | Feb 19
Published in OSINT Team | Admin Panel Exploit Leaks 1 Million User Records on Logitech | How an unexpected misconfiguration in an admin panel led to the exposure of 1 million user records | Jan 31
Account Deletion Flaw Exposes Chats, Researcher Gets $1,000 (5/30 DAYS) | Uncovering the Chat Privacy Vulnerability and How It Was Fixed | Jan 5