Unlocking the Mystery: Exploring the URN Injection Vulnerability
Hello Hackers! Today, we will explore the concept of URN Injection in a simple and understandable way. Join us as we uncover the ins and outs of this vulnerability and […]
Today we will analyze a HackerOne report related to “KAYAK”. It was found by Carlos Bello, who brilliantly hacked into the KAYAK application… He was able to take over any KAYAK account just by clicking a link.
Today, we will learn about a very interesting vulnerability in the “Email-Change” and “Forgot-Password” features, which shows that the web application is vulnerable to “Broken-Authentication”…
Today I will share my recent updates, where I reported a HIGH-severity bug to Zomato and how they rewarded me for it. I am going to disclose the vulnerability because it has been successfully patched…
Functionality is implemented in a web application to perform a specific behavior or a particular activity. When an attacker exploits that functionality to cause unintended behavior, the vulnerability is called a Business Logic Flaw, and it may cause financial loss to the company.
Today we will discuss one of my recent findings on a Bugcrowd program… “CSV Injection”, which is used to execute malicious commands on users’ computers (like a calculator or notepad popup, or downloading a malicious file onto the computer).