Published in InfoSec Write-ups
HubSpot Full Account Takeover in Bug Bounty
Hi everybody, our story today will be about how I was able to get a Full account takeover on HubSpot Public Bug Bounty Program at Bugcrowd…
Feb 11, 2023

Published in InfoSec Write-ups
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
Introduction:
Dec 30, 2022

Published in InfoSec Write-ups
CVE-2022-42710: A journey through XXE to Stored-XSS
Hi everybody, I will share with you in this article in detail how I was able to find CVE-2022-42710 through static analysis
Dec 16, 2022

Published in InfoSec Write-ups
Full Company Building Takeover
Hello everybody, most of the time you read about account takeover or infrastructure takeover, but did you hear before about Company…
Oct 6, 2022

Published in InfoSec Write-ups
Orange Arbitrary Command Execution
Hi everybody, Omar Hashem is here. I will share with you how I was able to achieve more than 10 RCE in different companies using the same…
Sep 29, 2022

Published in InfoSec Write-ups
How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty
Hi everybody, SQL Injection is one of the most critical vulnerabilities that can be found in web applications. I will show you today how I…
Sep 22, 2022

Published in InfoSec Write-ups
How I abused the file upload function to get a high severity vulnerability in Bug Bounty
Hello everyone, one of the most interesting functions is file uploading; vulnerabilities in file uploads usually lead you to critical or…
Sep 14, 2022

Published in InfoSec Write-ups
How I found 3 RXSS on Lululemon bug bounty program
Hi everybody, today I will show you how a simple technique can lead you to find multiple serious vulnerabilities across the whole subdomains
Sep 7, 2022

Published in InfoSec Write-ups
How to prevent more than 200 million users from using Google services
Hi Folks,
May 16, 2021