Hi hunters, I am back with another write-up. Finding bugs in a large scope is easy, since it gives hunters a large attack surface to test the application in many different ways, but when the scope is small or limited, hunting for bugs becomes quite difficult.

I know that if you are a beginner it is difficult to find endpoints. Please read The Web Application Hacker's Handbook, 2nd edition, Chapter 4, page 98 to learn more about endpoints.

Image source: The Web Application Hacker's Handbook, 2nd edition

It is not possible to write about and demonstrate each and every endpoint in a single article. …


Hi! Bug hunters, I am back with another write-up. I will try to simplify Remote Code Execution and Command Execution. Many people think both are the same vulnerability, but they are not.


Don't be confused! Code Evaluation, Arbitrary Code Injection, and Code Execution are synonyms of Code Injection. OS Command Injection, Command Injection, and Arbitrary Command Execution are synonyms of Command Execution.

Code injection allows the attacker to inject their own code, which the application then executes in its own language interpreter (for example via eval or include). In command injection, the attacker abuses existing functionality of the application that executes system commands, extending the command line the application passes to the shell. Let's describe both one by one.
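To make the distinction concrete, here is an added example (my own, not code from the write-up): a deliberately vulnerable function for each class beside its hardened counterpart. The setting parser and the host-echo helper are assumptions built for the demonstration, and `echo` stands in for `ping` so the script runs offline; the payload strings are constructed.

```python
"""Added example (not the original write-up's code): code injection versus
command injection, each shown as a deliberately vulnerable function beside
its hardened counterpart. Inputs below are constructed for illustration."""
import ast
import subprocess


# --- Code injection: input reaches the language interpreter ---------------

def parse_setting_vulnerable(value: str):
    """Deliberately vulnerable: eval() runs arbitrary Python found in value."""
    return eval(value)


def parse_setting_safe(value: str):
    """ast.literal_eval accepts only literals (numbers, strings, lists, dicts)
    and raises ValueError on names, calls or attribute access."""
    return ast.literal_eval(value)


def safe_parser_rejects(value: str) -> bool:
    """True if the hardened parser refuses the value instead of executing it."""
    try:
        parse_setting_safe(value)
    except (ValueError, SyntaxError):
        return True
    return False


# --- Command injection: input reaches a shell ------------------------------

def echo_host_vulnerable(host: str) -> str:
    """Deliberately vulnerable: shell=True lets ';', '|' or '$( )' inside host
    become extra commands. 'echo' stands in for 'ping' so this runs offline."""
    return subprocess.run("echo " + host, shell=True,
                          capture_output=True, text=True).stdout


def echo_host_safe(host: str) -> str:
    """No shell: the program receives host as a single argv element, so shell
    metacharacters are just characters."""
    return subprocess.run(["echo", host], capture_output=True, text=True).stdout


def shell_was_injected(output: str, marker: str = "INJECTED") -> bool:
    """True if the marker appears on its own line, i.e. a second command ran."""
    return marker in output.splitlines()


if __name__ == "__main__":
    code_payload = "__import__('os').getcwd()"          # constructed payload
    print("eval ran the payload ->", parse_setting_vulnerable(code_payload))
    print("literal_eval rejects it ->", safe_parser_rejects(code_payload))

    cmd_payload = "example.com; echo INJECTED"          # constructed payload
    print("shell=True:", repr(echo_host_vulnerable(cmd_payload)))
    print("argv list: ", repr(echo_host_safe(cmd_payload)))
```

The first pair shows code injection: the payload never touches the OS directly, it is Python that the interpreter evaluates. The second pair shows command injection: the payload is not Python at all, it only works because a shell parses the string. The fixes differ accordingly (refuse to evaluate, and avoid the shell).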

Remote Code…


Hi! Bug hunters, thanks for appreciating my previous article. I know there are many write-ups about "how to write a good bug report", but one thing I noticed is that they are all intermediate or advanced level and very difficult for a beginner to understand. In this write-up, we will focus only on writing a good, high-potential report for submission to bug bounty programs.


Before we start, let's look at the components of a report. Any report contains a Title, Description, Steps to reproduce, Proof-of-concept, Exploit code, Recommended solution, and References. In order to submit a bug bounty report, each…


This is Part 2 of my first write-up (Part 1). If you have not read that yet, read it first. In this write-up, I will discuss all the various kinds of IDORs which I discovered during my research. I have categorized them based on their types.


Introduction:

Insecure Direct Object Reference (IDOR) occurs when an application exposes a direct reference to an internal object (such as a database key or a filename) and the developer forgets to check that the requesting user is authorized to access that object. It allows a malicious user to read or modify other users' data simply by changing the reference in the request. This type of vulnerability is considered an access control failure. Insecure Direct Object Reference is…
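As an added example (my own, not code from this write-up), the following shows an IDOR in an invoice-download handler, the ownership check that fixes it, and the kind of id-walking probe a hunter runs to confirm the bug. The in-memory invoice store, the two users and the handler names are assumptions constructed for the demonstration.

```python
"""Added example (not from the write-up): an IDOR in an invoice-download
handler and the ownership check that fixes it. The users, invoices and
probe helper below are constructed for the demonstration."""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not see the requested object."""


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    body: str


# Constructed data: sequential ids, as they typically appear in the URL
# (/invoice?id=101). Two users, one invoice each.
INVOICES = {
    101: Invoice(101, owner_id=1, body="invoice for alice"),
    102: Invoice(102, owner_id=2, body="invoice for bob"),
}


def get_invoice_vulnerable(current_user_id: int, invoice_id: int) -> str:
    """Deliberately vulnerable: the object is fetched by the client-supplied id
    and current_user_id is never compared against the owner."""
    return INVOICES[invoice_id].body


def get_invoice_fixed(current_user_id: int, invoice_id: int) -> str:
    """Fixed: the lookup is scoped to the authenticated user. 'Not found' and
    'not yours' raise the same error so valid ids cannot be enumerated."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != current_user_id:
        raise Forbidden(f"invoice {invoice_id} not accessible to user {current_user_id}")
    return invoice.body


def idor_probe(handler, attacker_id: int, candidate_ids) -> list:
    """Hunter-side check: call the handler as attacker_id for each candidate id
    and return the ids of objects the attacker does not own but still received."""
    leaked = []
    for invoice_id in candidate_ids:
        try:
            handler(attacker_id, invoice_id)
        except (Forbidden, KeyError):
            continue
        if INVOICES[invoice_id].owner_id != attacker_id:
            leaked.append(invoice_id)
    return leaked


if __name__ == "__main__":
    # Bob (user 2) walks the id space 100..103 against both handlers.
    print("vulnerable leaks:", idor_probe(get_invoice_vulnerable, 2, range(100, 104)))
    print("fixed leaks:     ", idor_probe(get_invoice_fixed, 2, range(100, 104)))
```

The key point is that the fix is not hiding or encoding the id; it is performing the authorization check on every object lookup. Encoded or random ids only slow enumeration, they do not make the missing check go away.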



Hi, Bug hunters. In this write-up, I will tell you how I accidentally became a bug hunter. It's all about my journey and how I started. I want to tell you that I am not good at English, so I apologize if I make any mistakes in the write-up.

It was the last year of my college and I was renewing my scholarship form on my friend's laptop. When I was updating my contact number and other details, I noticed some encoded text in the URL.

Dewanand Vishal

Security Researcher | Bug Bounty Hunter
