A bug chain of HTTP Request Smuggling that led to account takeover

For quite a long time I have been hunting for vulnerabilities on the HackerOne platform, allocating a certain amount of time outside the…

Before I began to comprehend the complex science of information security, it seemed to me that Two-Factor Authentication is a guaranteed…

🐛 A list of writeups from the Google VRP Bug Bounty program - xdavidhu/awesome-google-vrp-writeups

Welcome to the XSS Challenge Wiki! Contribute to cure53/XSSChallengeWiki development by creating an account on GitHub.

Hi Everyone,

Most of you probably familiar within the vulnerability types “IDOR (Insecure Object Direct Reference)” and second order vulnerabilities…

Some Model 3 cars and $1 million in award money will be up for grabs.In March last year, a group of hackers won a Tesla Model 3 and $35,000 for hacking into its systems

[CVE-2019-14615] iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU - HE-Wenjian/iGPU-Leak

Summary :

Introduction :

Hi Everyone,

I’m going to talk about a common and strange password reset system that I have seen many times in Bug Hunting and in many VAPT projects. and in many cases this system opens the door to attacker to…

Hey Folks! Hope you guys are doing great.

This article is about an account takeover vulnerability I found on Instagram that allows anyone to hack Instagram accounts without consent permission. Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty program. …

All about Password reset configurations

In this article, we will discuss Remote Code Execution (RCE) vulnerability, how to find one and present 25 disclosed reports based on this