Hello Everyone, Hope you all are healthy and safe. Today’s writeup is my recent find on Bugcrowd private program. This writeup explains how I was able to chain CORS with CSRF attack to steal chat session Id of victim user and send messages on behalf of victim. Without wasting time let’s get into details of the vulnerability.

In 2nd week of January, while exploring the <redacted> domain. I found that the target domain has in built chat feature. For sending a new message, system will send a POST request like this:

POST /ha/chat/<Chat_Session_ID> HTTP/1.1
Host: <redacted>
User-Agent: XXXXX
Accept: application/json, text/plain, /

Hello everyone, I hope you all are healthy and safe. Today I would like to explain my recent find that I have found in 1st week of Jan this year. As I always say, Test each and every functionality and break it. Today’s report also falls under the same.

One day, I received a Bugcrowd notification about my old accepted report raised on <redacted>.com, since it’s been so many months since I tested this program, thought of giving it a look. That makes this program as my first target this year and switched to work mode almost immediately.


Hello everyone, Hope you all are having a good day! Today’s Writeup explains how I was able to fetch any registered users FirstName, LastName and Phone number details through signup end-point, which ideally should not happen as per Targets workflow. Let’s get into the details : )

I found this target in Bugcrowd, let’s call this domain as: <redacted>.com. Since the target does not have wide scope I directly landed on signup and started checking the functionalities. Later and went ahead and created a new account and landed on Dashboard page. I found couple of bugs which were falling under…

Hi everyone, First of all Happy new year and I hope&Pray you all are safe and sound. I always love to break functionalities and find some cool bugs. As I always highlight, It is very important to understand the functionalities and do search every possible way to break them for finding valid security loopholes. Today I would like to explain a find which falls under this category.

6 months ago, I got a private invite in Hackerone, I quickly opened the invite and saw that it is a cryptobased Program. Since I am not a big fan of Recon, I…

Hey guyzz …!!! I hope you all are doing well. Today I’m fully disclosing a PoC demonstration along with some brief documentation of this exploit.

This is a writeup of bug which I found in one of the private programs of Hackerone. Since it is a private program i can’t disclose the name of the program(please note that, i will be referring the program name as : “Redacted” throughout this article). I found SQL injection, in one of their endpoints: “/rest/aom/index?id=”

I’ve been investigating this program since many days and i always end up finding low severity bugs. One…

Sunil Yedla

Bug bounty hunter | QA analyst | Security Researcher

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store