The program does not release or incorrectly releases a resource before it is made available for re-use.the function fails to release a lock it acquires, which might lead to deadlock.
I was getting lots of requests and msg on Whatsapp, LinkedIn, Twitter about the source code analysis, and exploitation of API Keys. So I will share my approach and also some blogs and writeups which you can refer to get a clear understanding.
I am excited to share with you all (readers), how challenging and yet how amusing the CTF was. At certain point I was thinking that what am I doing wrong but as they say ‘No detail is too small.’ So here is my detailed CTF walkthrough of CloudSEK’s CTF EWYL Program.
Medium sent me something really exciting in the mail last week — a tax form, with my name on it, proving they'd paid me $1019 in 2017.
Hey my hacker buddies! I hope you are enjoying the WFH(if you have)/ your bounty days! I am not hunting a lot since a good couple of months and that’s the reason I was not active on medium.
[I drafted this writeup 2 years ago. As it took a long time for the patch, posting it now] . It was a usual fresh and sleepy monday morning . I reached my desk and checking mails.
Hey fam, i hope everyone is doing okay and able to use this time efficiently for self development and to self reflect. This corona virus pandemic has grown a bit tiring to be honest and gets the best of us.
I am Jeya Seelan a Security Researcher and a Bug Hunter. This Is My First Bug Bounty Writeup. We are Going to See A Short Story of IDOR and How Could I Have Taken Over Your Account Through It.
This blog aims to help developers understand how attackers can take advantage of security misconfigurations to gain unauthorized access to restricted functionalities.
Everyone knows what is SQL Injection, but just to give you a brief about SQL Injection, it is a code injection technique that might destroy your database. It usually occurs when you ask user for input, like their username or userid, and instead of a name or id, the user gives you SQL statement that you will unknowingly run on your database.
Hi all, assuming you guys are learning new things and improving yourself. As we all are packed in our homes, it’s better to share some ideas to community.
A picture that steals your data — A tale to IP Theft.: Hey folks, in this blog I’m going to share how I found a bug that steals your data with the help of a picture. Let's jump into it.
Turned on machine, started active + passive discovery of domains and all in-scope assets of . Used many tools like Sublist3r, Amass, findomain, subfinder, etc.
You may have heard the expression: hiding in plain sight. And specifically in IT security there is another expression: security through obscurity. This article will be my experience with a bug where one could argue that it was the case of security through obscurity, but it could have been a coincidence. This will be a story of me stumbling onto sql injection (a simple login bypass which logged me into admin panel), but not in a usual way.
Here is my second write-up on my series of bugs found on Google Systems. If you haven’t checked my first write-up, check out below…
A bit of an odd title, eh? Either way, this article will be about a very peculiar bug that I discovered somewhat recently, where it was possible to overwrite user’s/victim’s profile images.
Google Dorking seems an often under-appreciated technique in a bug bounty hunter’s arsenal when assessing a target web application for…
As a pentester developing new skills in different areas is very important as you might miss something crucial from one approach. Android pentesting is one of them, but it requires a dedicated environment and I will explain how to setup an easy one.
Found the AWS Cognito API call for the GetCredentialsForIdentity through the profile picture upload feature of the application which leaks the AWS credentials in the response.
Hello All,As you may already know, I’m full-time bug bounty hunter and earlier this year I had signed a contract as an “Information Security Analyst” in one of the security services providers in our MENA region.