Hunting CVE’s for fun and learning: As for every security researcher, the idea of tagging CVE’s to my name was a dream when I started my career in infosec. I wondered how this whole… (Feb 9, 2021)
Account Takeover via IDOR: IDOR occurs when user-supplied input is unvalidated and direct access to the requested object is provided. (Nov 18, 2020)
Chaining Bugs — Escalating XSS to SSRF: Abusing SSRF in AWS environment | Local File Read (Oct 17, 2020)
Arbitrary File Download: Here is the story from my recent web application assessment, where the application was vulnerable to directory traversal leading to… (Jul 22, 2020)
SSRF to Local File read through HTML injection in PDF file: In one of the recent web application security assessments, I came across an interesting find that allowed me to escalate from simple HTML… (May 1, 2020)