Exploiting iOS app for fun and profit 💲💲💲
Hi readers, I hope everyone is doing well. In this blog I'm gonna share one of my recent findings on an iOS app. This app is highly used in India and is currently on the top charts in the education section. For NDA policy I can't disclose the app…
Takeover seller accounts worth billions & millions
Hi there, today I'm gonna share one of my findings on an authorization bug. Before jumping into the details, make sure to follow me for upcoming writeups. I found this bug on India's biggest e-commerce site (for NDA policy let's assume it's redacted.com). There are 2 types of login for users – buyer and…
Stealing cookies from subdomain leads to takeover user accounts at redacted.com
Hi, I'm Bijan (0xBijan). Today I'm gonna share one of my findings on ATO bugs. A few months back I was hunting on a private program; let's call it redacted.com for program policy and privacy. Everything under *.redacted.com was in scope. So dashboard.redacted.com was the main surface of the…
Deleting account via support ticket
Hello guys, today I'm gonna share one of my findings on how I was able to delete accounts via a support ticket, also without any account verification. Everyone knows about the support form or contact us form. But many of them are unaware that this can be used as an account deletion…
[Repost] Bug Bounty catches part 1
Hi hunters, again I'm gonna share some of my findings which I found a few months ago. This article is divided into 3 parts; each part describes one of my findings. So, not taking any more of your time, let's jump into our 1st finding. I added some bug bounty tips in the…