List: Vulnerability | Curated by Mrunal chawda

Sep 2, 2022
22 stories
3 saves
Vulnerability
Aditya Soni
How I approached Dependency Confusion!Hi People, In this blog, I will be sharing my approach for finding Dependency Confusion bugs.
Jan 31, 2022
6
Jan 31, 2022
6
bombon
How I Test For Web Cache Vulnerabilities + Tips And Tricks@bxmbn
Jul 21, 2022
18
Jul 21, 2022
18
rvdt
SecStory: How I Found Multiple P1 Vulnerabilities without ReconHello everyone. Nowadays, there are numerous bug hunting stories on the internet. For me, I’ve dubbed my experiences as my “SecStory,”…
Jul 23, 2022
2
Jul 23, 2022
2
In
The Startup
by
Vickie Li
Hacking Git DirectoriesHow to reconstruct source code from an exposed .git directory
Dec 25, 2019
1
Dec 25, 2019
1
Stealthy
HTTP Request Smuggling on business.apple.com and Others.WhoAmI:
Apr 5, 2022
4
Apr 5, 2022
4
In
Pentester Academy Blog
by
Shivam Bathla
API5:2019 — Broken Function Level Auth IIHello all, today we will be looking into OWASP API Security Top 10’s another vulnerability, i.e. Broken Function Level Authorization.
Jul 29, 2020
Jul 29, 2020
 This story is no longer available
In
InfoSec Write-ups
by
Tuhin Bose
Log4shell Zero-Day Exploit— Full GuideHello guys! My name is Tuhin Bose (@tuhin1729). I am a cyber security researcher and bug bounty hunter. In this write-up, I am going to…
Dec 14, 2021
5
Dec 14, 2021
5
Pranay Bafna
TCAPT: DLL HijackingHello Hackmates, I’ve been learning about Thick Client Application Penetration Testing and recently, came up with the topic: DLL Hijacking…
Nov 24, 2021
Nov 24, 2021
Aditya Verma
Peeping through a Web-SocketRecently, I had found a bug related to web sockets through which I was able to view all the messages being sent to the victim user.
Nov 20, 2021
Nov 20, 2021
Sushant Kamble
How I found Command Injection via Obsolete PHPThumb P1 vulnerabilityHello Readers, after a great response to my previous write-up on Account Takeover Chained to Host Header Injection. I would like to thank…
Oct 30, 2021
3
Oct 30, 2021
3
Priyansh Bansal
Unauthenticated Cache PurgeHello everyone, I am Priyansh and this is my first writeup. Today I will be discussing a vulnerability that I found in one of the…
Oct 27, 2021
1
Oct 27, 2021
1
Gnana Aravind K
Bypassing a payment gateway for FUN 🙂Good day ppl ! This is Gnana Aravind, with a new write-up on how I bypassed the payment gateway of a website and made my payment…
Sep 9, 2021
4
Sep 9, 2021
4
Youssef A. Mohamed
Escalating SSRF to RCEEscalating SSRF to RCE in AWS Elastic Beanstalk
Mar 12, 2019
2
Mar 12, 2019
2
In
InfoSec Write-ups
by
Tuhin Bose
Account Takeover via Access Token LeakageHello guys! My name is Tuhin Bose (@tuhin1729). I am a cyber security researcher and bug bounty hunter. In this write-up, I am going to…
Aug 19, 2021
Aug 19, 2021
In
InfoSec Write-ups
by
Efren Diaz
Find real website ip bruteforcing ipv4 rangesToday many web applications are protected behind services such as Cloudfare, Akamai, etc… hiding their real ip address and this can be an…
Aug 17, 2021
Aug 17, 2021
In
InfoSec Write-ups
by
Keshav Khanna
Fundamentals of SIEMThis blog is for those people who are interested in working on any Siem tool.
Aug 11, 2021
2
Aug 11, 2021
2
viral bhatt
Bypass Google Captcha+Parameter Pollution Leads to send email to any user on behalf of…Hi folks, I am Viral Bhatt. This is my first write-up so there might be possibilities of numerous mistakes but yeah it’s okay to make…
Aug 13, 2021
3
Aug 13, 2021
3
In
InfoSec Write-ups
by
Manas Harsh
WAF bypasses: Tearing down the wallBefore we go deep into the ACTUAL bypasses section, It’s really important to understand what is a WAF(Web application firewall) and it’s…
Aug 12, 2021
Aug 12, 2021
In
InfoSec Write-ups
by
can1337
What is BOLA? 3-digit bounty from Topcoder ($$$)This write-up will be about Broken Object Level Authorization (BOLA), which is #1 topic of API Security 101 (OWASP).
Aug 9, 2021
Aug 9, 2021