Finding bugs in popular websites can be tough sometimes, but luckily this is not always the case.

Hello guys, I’m here with a new blog post on account takeover vulnerabilities which have been reported by me. I’ve started bug bounty in…

Contribute to m4xx101/FinDir development by creating an account on GitHub.

In this article, we will discuss IDOR vulnerability, how to find one and present 25 disclosed reports based on this issue.

How I Finally could Got into an Internal Network (and could accessing all of their internal assets) by Using Various Vulnerabilities.

Decode All Bases - Base Scheme Decoder. Contribute to mufeedvh/basecrack development by creating an account on GitHub.

Last October I dived into the world of Jira Software (version 8.4.1) in the hope of discovering new vulnerabilities. Initially, I came…

  Bug Bounty Tips Over the past years we have shared a lot of  tips to help our readers in one way or another. Thinking outside the box or trying a different approach could be the defining factor in...

While I prefer more to write/talk about far-going topics instead of just one vulnerability write-up, I decided to make an exception for…

Hello everyone, I would like to share a riveting issue regarding XSS (Cross-Site Scripting ) I endured a few months ago. Cross-site scripting (XSS) is a type of security vulnerability typically fou…

During the latest years Web Security has become a very important topic in the IT Security field. The advantages the web offers resulted in very critical services being developed as web applications. The business requirements for their web applications security…

Summary : By sending a very long string (100000 characters) it’s possible to cause a denial a service attack on the server. This may lead…

The Internet of things is a network of devices that are connected to the Internet, controlled through it, and can exchange data with each…

In this article, we will discuss an interesting data exfiltration technique