Armaan Pathan (@Armaancrockroax)

Title	Vulnerabilities	Programs	Authors
PDFReacter SSRF to ROOT Level Local File Read which led to RCE	SSRF RCE	Undisclosed	Armaan Pathan (@Armaancrockroax)
Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers	MiTM	PortSwigger	Armaan Pathan (@Armaancrockroax)
Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack.	CSRF Bruteforce	Undisclosed	Armaan Pathan (@Armaancrockroax)
Abusing ACL Permissions to Overwrite other User’s Uploaded Files/Videos on s3 Bucket	Unrestricted File Upload Broken Authorization	Undisclosed	Armaan Pathan (@Armaancrockroax)
Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )	LFI Unrestricted File Upload RCE	Undisclosed	Armaan Pathan (@Armaancrockroax)
Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss)	Self-XSS Clickjacking	Undisclosed	Armaan Pathan (@Armaancrockroax)
Bypassing Facebook Profile Picture Guard Security.	Broken Authorization	Meta / Facebook	Armaan Pathan (@Armaancrockroax)
Don’t just alert(1) , Because XSS is for fun…!!	XSS	Optimizely	Armaan Pathan (@Armaancrockroax)
Chain the vulnerabilities and take your report impact on the moon (CSRF to HTML INJECTION which results OPEN REDIRECT and could steal USER CREDENTIALS)	CSRF HTML Injection	Legal Robot	Armaan Pathan (@Armaancrockroax)
Insecure Direct Object Reference In Facebook Events	IDOR	Meta / Facebook	Armaan Pathan (@Armaancrockroax)
How i was able to bypass strong xss protection in well known website. (imgur.com)	XSS	Imgur	Armaan Pathan (@Armaancrockroax)

Page 1 of 1