Channel: Stories by Osama Avvan on Medium
Browsing latest articles
Browse All 10 View Live


Stealing Cookies to Login in any Account

Hi, so this is my first write-up. This write-up is about how I was able to get into other users' accounts by stealing their cookies. It was a private program on Bugcrowd; let’s just say the program was...


Bypassing XSS filter and Stealing User Credit Card Data

Bypassing XSS filter and Stealing User Payment Data. So here is another write-up about how I bypassed the XSS filter and created a payload to get user credit card data. It was a private program on Bugcrowd,...


Account Taker with Clickjacking

Account Takeover with Clickjacking. This write-up is about how I was able to change other users' account email with clickjacking. It was a private program on Bugcrowd. The Profile page of the site allows...


$1800 worth Clickjacking

In this write-up, I will talk about how I earned a total of $1800 by exploiting Clickjacking on pages where sensitive user information was disclosed. It was a private program on Bugcrowd. So there were...


I could have sent the data to my server, but for the sake of simplicity and...

I could have sent the data to my server, but for the sake of simplicity and demonstration purposes I logged the data in the console.


Server Security Misconfiguration > Clickjacking > Sensitive Click-Based Action


CORS To CSRF Attack

This write-up is about a CORS misconfiguration by which I was able to perform a CSRF attack to change other users' account info. The target, let’s just say it was named redact.com, was sending a PUT...


JSON CSRF to FormData Attack

JSON CSRF To FormData Attack. So you guys must be aware of the CSRF attack; if not, then here is a short intro: CSRF is an attack that forces an end user to execute unwanted actions on a web application in...


Exploiting JSONP and Bypassing Referer Check

Hi Folks, hope you are all fine. So this write-up is about exploiting JSONP to extract private data from API endpoints and bypassing the security check by the server. JSONP is (JSON With Padding), JSONP...


Exploiting WebSocket [Application Wide XSS / CSRF]

Assalam u Alikum, it’s been a while since I contributed to this wonderful community, so I am back with a new write-up about WebSocket, which is fun to exploit. So first of all, what is...
