Hello everyone, I hope you all are healthy and safe. Today’s writeup is about one of my finds on a gaming website. The interesting part here is that I always thought this type of attack was just a theory. As always, I will try to keep my writeup not so technical so that it will be easy to understand for any beginner. Let’s start!
Before getting into the details, let’s discuss WebSocket requests:
What are WebSockets?
Hi everyone! This is Sunil Yedla, a bug bounty hunter from Andhra Pradesh, India. Hope you all are healthy and safe. Today’s writeup is my recent find on an external private program, where I was able to completely take over the account of any user who signed up using the OAuth flow or connected social accounts, without the victim’s interaction. As always, I will try to keep my writeup not so technical so that it will be easy to understand for any beginner. Let’s start!
On July 9th, I found a couple of Low/Medium severity vulnerabilities on an external private program. One of the vulnerabilities is happening…
Hello everyone, hope you all are healthy and safe. Today’s writeup is my recent find on a Bugcrowd private program. This writeup explains how I was able to chain CORS with a CSRF attack to steal the chat session ID of a victim user and send messages on behalf of the victim. Without wasting time, let’s get into the details of the vulnerability.
In the 2nd week of January, while exploring the <redacted> domain, I found that the target domain has an inbuilt chat feature. To send a new message, the system sends a POST request like this:
POST /ha/chat/<Chat_Session_ID> HTTP/1.1
Accept: application/json, text/plain, */*
Hello everyone, I hope you all are healthy and safe. Today I would like to explain my recent find, which I found in the 1st week of Jan this year. As I always say, test each and every functionality and break it. Today’s report also falls under the same.
One day, I received a Bugcrowd notification about my old accepted report raised on <redacted>.com. Since it had been so many months since I tested this program, I thought of giving it a look. That made this program my first target this year, and I switched to work mode almost immediately.
Hello everyone, hope you all are having a good day! Today’s writeup explains how I was able to fetch any registered user’s FirstName, LastName and phone number details through the signup endpoint, which ideally should not happen as per the target’s workflow. Let’s get into the details :)
I found this target on Bugcrowd; let’s call this domain <redacted>.com. Since the target does not have a wide scope, I directly landed on signup and started checking the functionalities. Later I went ahead and created a new account and landed on the Dashboard page. I found a couple of bugs which were falling under…
Hi everyone, first of all, Happy New Year, and I hope and pray you all are safe and sound. I always love to break functionalities and find some cool bugs. As I always highlight, it is very important to understand the functionalities and search every possible way to break them to find valid security loopholes. Today I would like to explain a find which falls under this category.
6 months ago, I got a private invite on HackerOne. I quickly opened the invite and saw that it is a crypto-based program. Since I am not a big fan of recon, I…
Hey guys...!!! I hope you all are doing well. Today I’m fully disclosing a PoC demonstration along with some brief documentation of this exploit.
This is a writeup of a bug which I found in one of the private programs on HackerOne. Since it is a private program, I can’t disclose the name of the program (please note that I will be referring to the program as “Redacted” throughout this article). I found SQL injection in one of their endpoints: “/rest/aom/index?id=”