Hi hunters, I am back with another write-up. Finding bugs in a large scope is easy, and it provides a large attack surface for hunters to test the application in many different ways, but when it comes to a small or limited scope, hunting for bugs is quite difficult.
I know that if you are a beginner, it is difficult to find endpoints. Please read The Web Application Hacker's Handbook, 2nd edition, Chapter 4, page 98 to learn more about endpoints.
It is not possible to write about and demonstrate each and every endpoint in a single article. …
Hi! Bug hunters, I am back with another write-up. I will try to simplify Remote Code Execution and Command Execution. Many people think both are the same vulnerability, but they are not.
Don't be confused! Code Evaluation, Arbitrary Code Injection, and Code Execution are synonyms of Code Injection. OS injection, Command Injection, and Arbitrary Command Execution are synonyms of Command Execution.
Code injection allows the attacker to inject their own code, which is then executed by the application itself (for example, by its interpreter). In Command Injection, the attacker does not inject application code; instead, they extend the application's existing functionality that executes system commands, so the injected input is run by the operating system shell. Let's describe both one by one.
Hi! Bug hunters, thanks for appreciating my previous article. I know there are many write-ups about "how to write a good bug report", but one thing I noticed is that they are all at an intermediate or advanced level and are very difficult for a beginner to understand. In this write-up, we will focus only on writing a good, high-quality report to submit to bug bounty programs.
Before we start, let's look at the components of a report. Any report contains a Title, Description, Steps to reproduce, Proof of concept, exploit code, recommended solution, and References. In order to submit a bug bounty report, each…
This is Part 2 of my first write-up (Part 1). If you have not read it yet, read it first. In this write-up, I will discuss the various kinds of IDORs I discovered during my research. I have categorized them based on their types.
Insecure Direct Object Reference (IDOR) occurs when a developer forgets to validate user-supplied object references (such as record IDs in a request) against the requesting user's permissions; it allows a malicious user to access other users' data directly from the database server. This type of vulnerability is considered an Access Control failure. Insecure Direct Object Reference is…
Hi, Bug hunters. In this write-up, I will tell you how I accidentally became a bug hunter. It's all about my journey and how I started. I want to tell you that I am not good at English; I apologize if I make any mistakes in the write-up.
It was the last year of my college, and I was renewing my scholarship form on my friend's laptop. When I was updating my contact number and other details, I noticed some encoded text in the URL.
Security Researcher | Bug Bounty Hunter