Pentesting blogs


Learn | Think | Practice

CSRF Leads To Disabling The Account Of An Arbitrary User

Basic Overview Of Bug: In this article I will show how a CSRF attack combined with a cart rate-limit bypass leads to a DDoS on the victim's account, which results in a temporary ban of that user account. I was pentesting a private website, an e-commerce site where you can buy and purchase... [Read More]
Tags: bug hunting

Web Cache Poisoning To SSRF and XSS

Introduction: I won't waste time talking about myself. I'm going to share my experience with a “web cache poisoning” bug found in bug bounty. As usual I was pentesting private sites, and there Param Miner reported an unkeyed URL with a secret URL. Before the exploitation part I want to share my... [Read More]

Web Cache Deception To RCE

Concept of web cache deception: websites use CDNs to store locally cached copies of web resources such as PDF, CSS, etc., so that when a user revisits the website it loads faster and server load is reduced. Suppose two users, Bob and Alice, have two accounts on a website which is vulnerable... [Read More]
Tags: bug hunting

Authentication Token Leads To IDOR

Introduction: Here is the article on how I was able to bypass an authentication token, exploit an IDOR, and add any user to the website's events. Before coming to the main topic of how I found the vulnerability, let me clarify your core concepts about authorization tokens... [Read More]
Tags: bug hunting