posts

Exploiting OS Command Injection for Remote Code Execution.

Business Logic Error leads to pay 0 amount for subscription and obtain 12% discount on the booking.

Dump the database through Mass Assignment Vulnerability.

This blog delves into the techniques used to bypass a Web Application Firewall (WAF) and exploit SQL injection vulnerabilities in a financial management web application.

This blog discusses the exploitation of a business logic error that allows users to manipulate prices and pay less for the products and services offered by the target company.

This blog explores the method of account takeover by manipulating the local session storage in a financial web application.

This blog discusses the exploitation of misconfigurations and authorization vulnerabilities in a Multinational Company’s Content Management System (CMS) application

An in-depth analysis of reverse engineering client-side encryption in a web application.

An in-depth analysis of the DLL hijacking vulnerability leading to remote code execution in one of the leading business automation products.

A pentester’s guide to insecure deserialization.

Exploiting an Insecure Direct Object References (IDOR) vulnerability to gain control over other users’ linked bank accounts.

API Security Misconfiguration Leads to tons of PII data Leakage.

Dumping the database by leveraging time-based SQL Injection.

Massive Subdomains Take Over using subzy.

Obtain Remote Code Execution due to Unrestricted File Upload.

iOS Pen-testing dynamic analysis lab setup.

Obtain remote code execution through file upload feature.

Takeover targetted users account via response manipulation.

Remote Code Execution through Unrestricted File Upload

Take over user accounts by abusing improper rate limitation.

Reflected Cross-site Scripting.