Sunil Yedla

658 Followers

Aug 25, 2021

‘Websocket Hijacking’ to steal Session_ID of victim users

Hello everyone, I hope you all are healthy and safe. Today’s writeup is about one of my finds on a gaming website. The interesting part here is that I always thought this type of attack was just a theory. As always, I will try to keep my writeup not so…

3 min read



Jul 28, 2021

Information Disclosure to Account Takeover

Hi everyone! This is Sunil Yedla, bug bounty hunter from Andhra Pradesh, India. I hope you all are healthy and safe. Today’s writeup is my recent find on an external private program, where I was able to completely take over the account of any user who signed up using the OAuth flow or connected social accounts…

Bug Bounty

3 min read



Feb 2, 2021

Stealing Chat session ID with CORS and execute CSRF attack

Hello everyone, I hope you all are healthy and safe. Today’s writeup is my recent find on a Bugcrowd private program. This writeup explains how I was able to chain CORS with a CSRF attack to steal the chat session ID of a victim user and send messages on behalf of the victim. …

Bug Bounty

2 min read

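Two of the writeups listed here (the cross-site WebSocket hijacking one above and this CORS-plus-CSRF one) turn on the same root cause: the server trusts the browser-supplied Origin header, or ignores it, while the browser attaches the victim's cookies automatically. The block below is an added illustration of that general mechanism, not the author's PoC and not code from any of the programs mentioned; the host names, the allow-list, the cookie value and the handshake bytes are all constructed for the example. It pairs a reflecting CORS policy with an allow-listed one, mirrors the browser's rule for when a credentialed fetch() response becomes readable, and shows a WebSocket upgrade handler with and without an Origin check.

```python
"""
Origin-validation failures behind cross-site response reading (CORS) and
cross-site WebSocket hijacking.  Added example; host names, allow-list,
cookie and handshake bytes are constructed, not taken from any real target.
"""
from typing import Callable, Dict, Mapping, Optional

TARGET_ORIGIN = "https://app.example"        # assumed vulnerable site
ATTACKER_ORIGIN = "https://evil.example"      # assumed attacker-controlled page
ALLOWED_ORIGINS = {TARGET_ORIGIN, "https://admin.app.example"}  # assumed allow-list


def cors_headers_reflecting(request_origin: Optional[str]) -> Dict[str, str]:
    """Weak policy: echo whatever Origin arrives and also allow credentials."""
    if request_origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_allowlisted(request_origin: Optional[str]) -> Dict[str, str]:
    """Hardened policy: exact-match allow-list; unknown origins get no CORS headers."""
    if request_origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # keep caches from serving one origin's headers to another
        }
    return {}


def browser_can_read_with_credentials(resp_headers: Mapping[str, str], page_origin: str) -> bool:
    """Browser rule for fetch(url, {credentials: 'include'}): the response body is
    exposed to the page only if ACAO equals the page origin exactly ('*' is
    rejected when credentials are sent) and ACAC is literally 'true'."""
    h = {k.lower(): v for k, v in resp_headers.items()}
    acao = h.get("access-control-allow-origin")
    acac = h.get("access-control-allow-credentials", "").lower()
    return acao == page_origin and acac == "true"


def cors_leaks_session(policy: Callable[[Optional[str]], Dict[str, str]],
                       page_origin: str = ATTACKER_ORIGIN) -> bool:
    """Simulate a page at page_origin fetching a cookie-authenticated endpoint on
    the target: True means the page can read the body (e.g. a session ID)."""
    return browser_can_read_with_credentials(policy(page_origin), page_origin)


# --- WebSocket upgrade ------------------------------------------------------
def parse_handshake(raw: str) -> Dict[str, str]:
    """Minimal HTTP/1.1 header parser for the upgrade request (request line skipped)."""
    headers: Dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def accept_ws_handshake(raw: str, check_origin: bool) -> bool:
    """Would the server upgrade this request?  The browser adds Cookie and Origin
    itself, so a server that skips the Origin check lets any site open a socket
    that carries the victim's session.  (Sec-WebSocket-Accept computation omitted.)"""
    h = parse_handshake(raw)
    if h.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in h:
        return False
    if check_origin and h.get("origin") not in ALLOWED_ORIGINS:
        return False
    return True


# Constructed cross-site upgrade request: cookie present, Origin is the attacker page.
CROSS_SITE_HANDSHAKE = (
    "GET /chat HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    f"Origin: {ATTACKER_ORIGIN}\r\n"
    "Cookie: session=constructed-victim-cookie\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print("reflecting CORS leaks session:   ", cors_leaks_session(cors_headers_reflecting))
    print("allow-listed CORS leaks session: ", cors_leaks_session(cors_headers_allowlisted))
    print("WS upgrade, no Origin check:     ", accept_ws_handshake(CROSS_SITE_HANDSHAKE, False))
    print("WS upgrade, with Origin check:   ", accept_ws_handshake(CROSS_SITE_HANDSHAKE, True))
```

The practical check when testing a target is the first pair: send a request with an arbitrary `Origin` and look for it echoed in `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`; that combination is what turns a same-site-only response into one an attacker's page can read. For WebSockets the equivalent is repeating the upgrade request with a foreign `Origin` and the victim's cookie and seeing whether the server still completes the handshake.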


Jan 18, 2021

Simple & Sweet: Bypass email update restriction to change emails of team members

Hello everyone, I hope you all are healthy and safe. Today I would like to explain my recent find from the first week of January this year. As I always say, test each and every functionality and break it. Today’s report also falls under the same. One…

Bugcrowd

3 min read



Jan 6, 2021

Information Disclosure through Signup Endpoint

Hello everyone, I hope you all are having a good day! Today’s writeup explains how I was able to fetch any registered user’s FirstName, LastName and Phone number details through the signup endpoint, which ideally should not happen as per the target’s workflow. Let’s get into the details :) I found this…

Bug Bounty

2 min read



Jan 5, 2021

Exploiting Max. Character Limitation

Hi everyone, first of all Happy New Year, and I hope and pray you all are safe and sound. I always love to break functionalities and find some cool bugs. As I always highlight, it is very important to understand the functionalities and search every possible way to break them for…

Bug Bounty

3 min read



Mar 10, 2019

SQL injection for $50 bounty, but still worth reading!!

Hey guys! I hope you all are doing well. Today I’m fully disclosing a PoC demonstration along with some brief documentation of this exploit. This is a writeup of a bug which I found in one of HackerOne’s private programs. Since it is a private program I can’t…

Tech

2 min read


Bug bounty hunter | QA analyst | Security Researcher

Following
  • Jerry Shah (Jerry)
  • Lokesh Kumar
  • Santosh Kumar Sha (@killmongar1996)
  • Ozgur Alp
  • Rajanagori
