AWS SSRF to Root on production instance — A bug worth 1.75Lacs
A misconfigured Apache Airflow to AWS Account Compromise
OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection
Tale of 3 vulnerabilities to account takeover!
One Misconfig (JIRA) to Leak Them All - Including NASA and Hundreds of Fortune 500 Companies!
The Unusual Case of Status code 301 Redirection to AWS Security Credentials Compromise
The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!
Chain of hacks leading to Database Compromise!
#BugBounty — “User Account Takeover - I just need your email id to login into your shopping portal account”
IRCTC — Millions of Passenger Details left at huge risk!
#BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!
#BugBounty — From finding Jenkins instance to Command Execution. Secure your Jenkins Instance!
#BugBounty — How Naaptol (India’s popular home shopping company) Kept their Millions of User Data at Risk!
#BugBounty — @Paytm Customer Information is at risk — India’s largest digital wallet company
#BugBounty — Compromising User Account - "How I was able to compromise user account via HTTP Parameter Pollution (HPP)"
#BugBounty — "Database hacked of India’s Popular Sports company" - Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection.
#BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account!
#BugBounty — "Journey from LFI to RCE!!!" - How I was able to get the same in one of India’s popular property buy/sell companies.
#BugBounty — “Your details are saved into my account” - User info disclosure Vulnerability in Practo (India’s biggest healthcare app)
#BugBounty — Rewarded by securing vulnerabilities in Bookmyshow (India’s largest online movie & event booking portal)
#BugBounty — “Let me reset your password and login into your account” - How I was able to Compromise any User Account via Reset Password Functionality
#BugBounty — How I could book cab using your wallet money in India’s largest auto transportation company!
#BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company.
#BugBounty — Exploiting CRLF Injection can land into a nice bounty
#BugBounty — “How I was able to shop for free!” - Payment Price Manipulation