Stealing Cookies to Login in any Account
Hi,So this is my first write up, This write up is about how I was able to get into other users account, by stealing their cookies. It was a private program on bugcrowd, let’s just say the program was...
View ArticleBypassing XSS filter and Stealing User Credit Card Data
Bypassing XSS filter and Stealing User Payment DataSo here is another writeup about how I bypassed XSS filter and created a payload to get user credit card data. It was a private program on bugcrowd,...
View ArticleAccount Taker with Clickjacking
Account Takeover with ClickjackingThis writeup is about how I was able to change other users account email with clickjacking. It was a private program on Bugcrowd.The Profile page of the site allows...
View Article$1800 worth Clickjacking
In this writeup, I will talk about how I earned a total of $1800 by exploiting Clickjacking on pages where User sensitive information was disclosed, It was a private program on Bugcorwd.So there were...
View ArticleI could have sent the data to my server, but for the sake of simplicity and...
I could have sent the data to my server, but for the sake of simplicity and demonisation purpose i logged the data in console.
View ArticleServer Security Misconfiguration > Clickjacking > Sensitive Click-Based Action
Server Security Misconfiguration > Clickjacking > Sensitive Click-Based Action
View ArticleCORS To CSRF Attack
This writeup is about the CORS Misconfiguration by which I was able to perform a CSRF attack to change other users account Info. The target let’s just say it was named redact.com was sending a PUT...
View ArticleJSON CSRF to FormData Attack
JSON CSRF To FormData AttackSo you guys must be aware of CSRF attack, if not then here is a short intro:CSRF is an attack that forces an end user to execute unwanted actions on a web application in...
View ArticleExploiting JSONP and Bypassing Referer Check
Hi Folks, hope you are all fine, so this writeup is about exploiting JSONP to extract private data from API endpoints and bypassing the security check by the server.JSONP is (JSON With Padding), JSONP...
View ArticleExploiting WebSocket [Application Wide XSS / CSRF]
Assalam u Alikum, it’s been a while I haven’t contributed to this wonderful community so I am back with a new write up about WebSocket which is fun to exploit. So first of all what is...
View Article