Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST
How I Manipulated My Rank on the Bugcrowd Platform
Hacking Subscription Plans for free service.
Using Inspect Element to Bypass Security restrictions | Bug Bounty POC
Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC
Hacking SMS API Service Provider of a Company | Android App Static Security Analysis | Bug Bounty POC
Exploiting Insecure Firebase Database!
Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC
P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC
Subdomain Takeover via Unsecured S3 Bucket Connected to the Website
IDOR User Account Takeover By Connecting My Facebook Account with victims Account
Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC
SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
RCE Unsecure Jenkins Instance | Bug Bounty POC
How I was able to get subscription of $120/year For Free
Unrestricted File Upload to RCE | Bug Bounty POC
UBER Wildcard Subdomain Takeover | BugBounty POC
Accessing Localhost via Vhost
Bugcrowd’s Domain & Subdomain Takeover vulnerability!
Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net
Subdomain Takeover Through Expired Cloudfront Distribution | live.lamborghini.co