Hi everyone! This is Sunil Yedla, Bug bounty hunter from Andhra Pradesh, India. Hope you all are healthy and safe. Today’s writeup is my recent find on external private program where I was able to completely takeover any users account who signed up using OAuth flow or connected social accounts…

Hello Everyone, Hope you all are healthy and safe. Today’s writeup is my recent find on Bugcrowd private program. This writeup explains how I was able to chain CORS with CSRF attack to steal chat session Id of victim user and send messages on behalf of victim. …

Hello everyone, I hope you all are healthy and safe. Today I would like to explain my recent find that I have found in 1st week of Jan this year. As I always say, Test each and every functionality and break it. Today’s report also falls under the same. One…

Hello everyone, Hope you all are having a good day! Today’s Writeup explains how I was able to fetch any registered users FirstName, LastName and Phone number details through signup end-point, which ideally should not happen as per Targets workflow. Let’s get into the details : ) I found this…

Hi everyone, First of all Happy new year and I hope&Pray you all are safe and sound. I always love to break functionalities and find some cool bugs. As I always highlight, It is very important to understand the functionalities and do search every possible way to break them for…

Hey guyzz …!!! I hope you all are doing well. Today I’m fully disclosing a PoC demonstration along with some brief documentation of this exploit. This is a writeup of bug which I found in one of the private programs of Hackerone. Since it is a private program i can’t…