bug-bounty
2 Posts
From Dorks to Defense: How I Secured Two CERT-In Hall of Fames
How targeted Google dorking on government domains uncovered SQL injection and XSS bugs that earned two CERT-In Hall of Fame recognitions.
·5 min readSweet Security Disaster: How I Could Verify Any Account on a Dessert Website 🍦
An account-verification bypass on a dessert site: a Base64-encoded email parameter with no server-side validation let me activate any account.
·4 min read