PII Leakage via IDOR + Weak PasswordReset = Full Account Takeover

InfoSec Write-ups - Medium: Hello Hunters, this is a quick write up on one of my recent findings on a bug bounty program. Before jumping into the vulnerability, let us get familiarized with a few terms. What is PII Leakage? Personally identifiable information (PII) is any data that could potentially identify a specific individual, such as username, userID or any other …

How I earned $500 from Google – Flaw in Authentication

InfoSec Write-ups - Medium: Hello Everyone! This is my first writeup. Today I will share the write-up of my first accepted bug in Google, which is in “Google Cloud Partner Advantage Portal”, where I was able to modify personal details for a victim account via Broken Authentication. What does “broken authentication” …

Business Logic Flaw in Google Acquisition! (Hall Of Fame)

InfoSec Write-ups - Medium: Always Try Harder! Because It’s Google! Hi, I would like to thank all the Bug Hunters for their tedious effort in improving internet security and reaching out to read my little GOOGLE-Bug Hunting story and my experience on achieving GOOGLE-Hall Of Fame! I had started my Bug Hunting journey about 3 months ago, for the first …

CVE-2020-24115: Use of hardcoded credentials in source code leads to admin panel access

InfoSec Write-ups - Medium:

# Exploit Title: Online Book Store 1.0 - Use of Hard-coded Credentials in source code leads to admin panel access
# Date: 2020-07-22
# Exploit Author: Mayur Parmar (th3cyb3rc0p)
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/
# Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip
# Version: 1.0
# Tested on Windows10
# CVE: CVE-2020-24115

Hardcoded Credentials: Hardcoded Passwords, also often …

TryHackMe: OWASP Top 10 (Day 1)

InfoSec Write-ups - Medium: Beginner friendly walkthrough. Walkthrough [Day 1] Injection TryHackMe. Room Link: https://tryhackme.com/room/owasptop10 Recently TryHackMe released ten days of OWASP Top 10 challenges where beginners will learn the OWASP Top 10 practically. Connect to the TryHackMe network using OpenVPN using the link below: TryHackMe | Hacking Training. Now go to the OWASP Top 10 room using the link below: https://tryhackme.com/room/owasptop10 [Day …

AWS IAM explained for Red and Blue teams

InfoSec Write-ups - Medium: Introduction. When I started getting into AWS pentesting, one of the hardest things to fully understand was IAM. AWS documentation is usually great, but can be extensive, and IAM has a lot of similar terms. You have users, roles, groups, managed policies, inline policies, instance roles, etc… This article will try to shine …

Combining Hadoop and MCollective for total network compromise

InfoSec Write-ups - Medium: This is the story of how only two insecure configurations allowed us to take down an entire cloud hosted company. It was a gray box pentest for a relatively big client, in which we were tasked with assessing the security of about 5 development endpoints, accessible only using a client certificate. …

How I Accidentally Got My First Bounty From Facebook || Facebook Bug Bounty 2020

InfoSec Write-ups - Medium: Hello readers, after a very long time I have come back with a new write up. This write up is about how I got my first bounty from Facebook for reporting a functional security issue. So I hope this write up is not …