#bug-bounty
4 articles
From Dorks to Defense: How I Secured Two CERT-In Hall of Fames
How targeted Google dorking on government domains uncovered SQL injection and XSS bugs that earned two CERT-In Hall of Fame recognitions.
·5 min readXSS Meets IDOR: A Double Vulnerability Story on a Learning Platform 🔥
Chaining a stored HTML injection, an IDOR on predictable blog IDs, and stored XSS into full account takeover on a learning platform.
·5 min readWhy IDORs Are Everywhere — And How to Find Them — Part I
How predictable sequential IDs exposed thousands of customer invoices, plus a methodology for spotting horizontal, vertical, and blind IDORs.
·5 min readSweet Security Disaster: How I Could Verify Any Account on a Dessert Website 🍦
An account-verification bypass on a dessert site: a Base64-encoded email parameter with no server-side validation let me activate any account.
·4 min read