DigiLocker is an Indian digitization online service provided by Ministry of Electronics and Information Technology (MeitY), Government of India under its Digital India initiative. This is a story about how I was able to disclose the mobile number of any digilocker user. Issue 1 - Sign in with OTP In 2020, I noticed a new sign (Sign…

Hi bug hunters! this article is about my last finding on Facebook. I regularly check Facebook for the latest updates and features. In April I noticed they add a feature called Business Plan for page admin. you can read below how I was able to abuse this feature. While testing…

Hello bug hunters! I am back with another blog. I found these cool bugs in one of the private programs at intigriti. So will not disclose the program name, I will use example.com instead of the original domain name. Issue 1: Bypassing input validation via `null` value The target program is a self-developed customer portal from Hotels High…

Hi hunters, I am back with another write-up. Finding bugs in large scope is easy and its provide a large attack surface for hunters to test the applications in many different ways but when it comes to a small or limited scope then it is quite difficult to hunting for…

Hi! Bug hunters, I am back with another writeup. I will try to simplify Remote Code Execution and Command Execution. Many people think both are the same vulnerability but it’s not. Don’t be confused! Code Evaluation, Arbitrary Code Injection, and Code Execution are synonyms of Code Injection. OS injection, Command…

Hi! Bug hunters, thanks for appreciating my previous article, I know there are many write-ups about “how to write a good bug report” but one thing I notice that’s all are intermediate and advance level and it is very difficult to understand for a beginner. In this write-up, we will…

This is Part 2 of my first write-up Part 1, If you have not read yet that then read it first. In this write-up, I will discuss with you about all various kind of IDORs which I was discovered during my research. I have categorized these with the base on…

Hi, Bug hunters, In this write-up, I want to share my story, how I accidentally became a bug-hunter. It’s all about my journey how I started. I want to tell you that I am not good at English, I apologise, if I do any mistakes in the write-up. It was…