From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password”
A simple story when Allah allowed me to get P1 by combining several issues, one of which was related to “weak credentials”. In the name of...
Collection of Bug Hunting Activity
A story of when Allah willed me to try to optimize my findings in the Points-Only program to be able to get 6 paid P1 issues in...
A story about how I finally could use an AD account that was unenrolled to MFA, by using an EWS Misconfiguration to Access Email Inbox and (Having...
A story about how I got several simple bugs (1 P2, 1 P3, and 2 P4s) on a target (that just allows a Specific Country Code to...
How I Finally Could Get into an Internal Network (and could access all of their internal assets) at One of the Biggest ICT Companies in the...
CVE-2019-18653 & CVE-2019-18654: The story when Reflected XSS was triggered from the SSID Name (It also affected AVG AntiVirus because basically the product codes were mostly...
The story of when you download a file that looks “legitimate”, but changes when you run the file. In the name of Allah, the Most Gracious,...
In the name of Allah, the Most Gracious, the Most Merciful. – Part I from (hopefully) IV Parts – Update I: Added a “Reference” Section. Update...
In the name of Allah, the Most Gracious, the Most Merciful. Description: The expired subscription pop-up could be bypassed by opening the .pdf document at the...
In the name of Allah, the Most Gracious, the Most Merciful. Please kindly visit this simple paper directly to look at this release in simple: [English Version] IDOR...