‘Websocket Hijacking’ to steal Session_ID of victim users
Hello everyone, I hope you all are healthy and safe. Today’s writeup is about one of my finds in a gaming website. The interesting part here…
Aug 25, 2021

Information Disclosure to Account Takeover
Hi everyone! This is Sunil Yedla, Bug bounty hunter from Andhra Pradesh, India. Hope you all are healthy and safe. Today’s writeup is my…
Jul 28, 2021

Stealing Chat session ID with CORS and execute CSRF attack
Hello Everyone, Hope you all are healthy and safe. Today’s writeup is my recent find on Bugcrowd private program. This writeup explains…
Feb 2, 2021

Simple & Sweet: Bypassing email update restriction to change emails of team members
Hello everyone, I hope you all are healthy and safe. Today I would like to explain my recent find that I have found in 1st week of Jan…
Jan 18, 2021

Information Disclosure through Signup Endpoint
Hello everyone, Hope you all are having a good day! Today’s Writeup explains how I was able to fetch any registered user’s FirstName…
Jan 6, 2021

Exploiting Max. Character Limitation
Hi everyone, First of all Happy new year and I hope & pray you all are safe and sound. I always love to break functionalities and find some…
Jan 5, 2021

SQL injection for $50 bounty, but still worth reading!!
Hey guyzz …!!! I hope you all are doing well. Today I’m fully disclosing a PoC demonstration along with some brief documentation of this…
Mar 10, 2019