Lately, I have been thinking about automation. Funny, this isn’t something I have thought of in the past. I have just been trying to find some really good bugs, one by one. Saving the world one small to high CVSS score bug at a time. …

Password reset link not expiring After a user has used a password reset token, that token should be burned and should not be used for that account again. The problem is that sometimes developers forget to invalidate these tokens. …

Hey, Well this is my first writeup and there might be ton of mistakes as i go along writing it out so please give me feedback so that i can work over it. So lets start! 0x01 JWT workflow Starting with JWT, it is a very lightweight specification This specification allows us to…

Hello Fellows, In this article, I will demonstrate a vulnerability idea that I have encountered multiple times lately during penetration tests and bug bounty, you can make use of it and include it in your methodology. Apparently, some organizations are separating their web and mobile applications, while the business and…

IDOR — Insecure Direct Object Reference, abuse of the lack of authentication at every stage. Considering becoming a member on medium? Use this link at no extra cost to yourself, and support me :) (https://medium.com/@nynan/membership) A while ago, I curled up in bed, with my laptop and a coffee, and…

Hello guys! Today we are going to talk about a very well known flaw called IDOR, this is a very simple flaw to exploit and very dangerous. IDOR (Insecure Direct Object Reference) is a vulnerability that could allow unauthorized access to web pages or files. …

Google Dorking is a technique that hackers use to find information that may have been accidentally exposed to the internet. What is Google Dorking? Advanced use of Google Search Operator is called Google Dorking. In simple terms, it is using Google to run targeted search queries using specific keywords or commands. …

This article is all about pentesting JWT. You can practice all of these techniques on vulnerable target availabe at burp Suite webacademy labs. I will try to make the article as easy as possible and will try to make you understand in very layman language. What is JWT: JWT is…

Hello guys👋👋 ,Prajit here from the BUG XS Team, it’s been a long time since my last story, sorry for the delay was held back in exams and viva😅. …

HEY! Amazing hackers, let’s talk about instant bounties, the low-hanging fruits. Google Dorking is very powerful and yet people do not like to generally use it in their workflow. Any experienced hunter will tell you that this is one of the quickest ways to know around a system. What is Google Dorking? Google Dorking…