Attackers able to manipulate slot timings of venues and get free hours for same price leading to…
Hello everyone, I trust you all are healthy and safe. The purpose of this write-up is to share my knowledge with a broader audience and to…
Mar 7

‘Websocket Hijacking’ to steal Session_ID of victim users
Hello everyone, I hope you all are healthy and safe. Today’s writeup is about one of my finds in a gaming website. The interesting part here…
Aug 25, 2021

Information Disclosure to Account Takeover
Hi everyone! This is Sunil Yedla, Bug bounty hunter from Andhra Pradesh, India. Hope you all are healthy and safe. Today’s writeup is my…
Jul 28, 2021

Stealing Chat session ID with CORS and execute CSRF attack
Hello Everyone, Hope you all are healthy and safe. Today’s writeup is my recent find on Bugcrowd private program. This writeup explains…
Feb 2, 2021

Simple & Sweet: Bypassing email update restriction to change emails of team members
Hello everyone, I hope you all are healthy and safe. Today I would like to explain my recent find that I have found in the 1st week of Jan…
Jan 18, 2021

Information Disclosure through Signup Endpoint
Hello everyone, Hope you all are having a good day! Today’s Writeup explains how I was able to fetch any registered user's FirstName…
Jan 6, 2021

Exploiting Max. Character Limitation
Hi everyone, First of all, Happy New Year and I hope and pray you all are safe and sound. I always love to break functionalities and find some…
Jan 5, 2021

SQL injection for $50 bounty, but still worth reading!!
Hey guyzz …!!! I hope you all are doing well. Today I’m fully disclosing a PoC demonstration along with some brief documentation of this…
Mar 10, 2019