BugBounties

The Phantom Subdomain: How I Found Slack’s Forgotten Backdoor
·428 words·3 mins
Digital Forensics Bug Bounty Tales Subdomain Open Redirect Slack Phishing
3 AM & Phantom Requests: My Blind SSRF Journey Through Shopify's PDF Underworld
·697 words·4 mins
Midnight Security Musings SSRF DOM Clobbering PDF Sorcery
Coffee, Curiosity & an API – JWT 'alg:none' Exploit in HealthTrack
·841 words·4 mins
Bug Bounty Writeups JWT Authentication Bypass Alg:none Burp Suite API Security
LocalNews and the Whispering Header - SQLi in a Forgotten Log
·617 words·3 mins
Weekend Bug Bounties SQLi Log Poisoning User-Agent
The Anatomy of a Clickjacking Vulnerability: A Trello Deep Dive
·570 words·3 mins
Security Web Vulnerabilities Clickjacking Trello Web Security CSP
TaskMaster – How an Avatar Became a Cookie Monster
·750 words·4 mins
Bug Bounty Web Security XSS Chronicles Stored XSS SVG TaskMaster YesWeHack
Silent Payloads: DOM-Based XSS in PayPal’s Checkout
·798 words·4 mins
12:57 AM and a Concurrency Fault: How I Exploited Uber’s Coupon Redemption Logic
·410 words·2 mins
Security Research Concurrency Vulnerabilities API Exploitation Uber Race Condition Coupon Abuse Threading Timing Attack
Broken Authentication: Uncovering Twitter's OAuth Vulnerability
·782 words·4 mins
Security Authentication OAuth Twitter API Authentication Bypass API Security
"PetCare" – CSRF in the Admin Panel: When One Click Made You an Admin
·906 words·5 mins
Bug Bounty Web Exploitation CSRF Authentication Bypass Admin Panel YesWeHack Web Security HTML Exploitation
Curiosity & file_id=187: My First Bug Bounty Journey with FileSharePro
·667 words·4 mins
Bug Bounty First Bounty IDOR Authorization Bugcrowd File Disclosure