Archives
- 02 Apr 1-Click Account Takeover (ATO) in Voox Android
- 03 Mar 2FA Bypass via Response Manipulation -- Binding MFA Without Email Verification
- 23 Oct Bypassing OTP Rate Limits with a Simple Capital Letter
- 03 Mar S3 Bucket Writeable and Readable by Unauthenticated Users
- 05 Nov Noob Researching 0 day and N day Bugs.
- 03 Nov Burpsuite Pwn
- 15 Oct The Thrilling Hunt for a Boolean-Based Blind SQL Injection
- 13 Oct Stored XSS to Account Takeover on Web3
- 11 Oct Exposing Broken Access Control in Salesforce
- 09 Oct Improper Access Control: User Information Exposure
- 07 Oct Open Redirect To Account TakeOver