Santosh Kumar Sha (@Killmongar1996)

Title	Vulnerabilities	Programs	Authors
How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF	SSRF	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
How I found reflected XSS on IDFC Bank with burp-suite Intruder	Reflected XSS	IDFC Bank	Santosh Kumar Sha (@Killmongar1996)
Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator	OS Command Injection RCE	De Nederlandsche Bank	Santosh Kumar Sha (@Killmongar1996)
Automating reflected XSS with burp-suite Intruder	Reflected XSS	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Exploiting S3 bucket with path folder to Access PII info of A BANK	AWS Misconfiguration Information Disclosure	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Finding multiple SSRF with aws metadata access on A BANK system	SSRF	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
How I was able Find mass leaked AWS s3 bucket from js File	AWS Misconfiguration	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access	SSRF	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Escalating SSRF to Accessing all user PII information by aws metadata	SSRF	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Unauthorized access to Django Admin Dashboard by endpoint leaked on GitHub	Missing Authentication Forced Browsing	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Chaining CSRF with XSS to deactivate Mass user accounts by single click	CSRF XSS	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
AWS internal metadata accessed through SSRF by Chaining an Open Redirect bug	SSRF Open Redirect	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Unauthorized access to admin setpassword page BY bypassing 403 Forbidden	Broken Authorization	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Chaining an Blind SSRF bug to Get an RCE	Blind SSRF RCE	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Finding Basic Authtoken in JAVASCRIPT file BY Full Automation	Information Disclosure	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Android apk leaks access token to takeover the whole infrastructure	Information Disclosure Hardcoded Credentials Android	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Finding SSRF BY Full Automation	SSRF	Undisclosed	Santosh Kumar Sha (@Killmongar1996)
Chaining CORS by Reflected xss to Account takeover #My first Blog	CORS Misconfiguration Reflected XSS Account Takeover	Undisclosed	Santosh Kumar Sha (@Killmongar1996)

Page 1 of 1