IDOR
Intial Access after getting access to site page noticed are my account details but in the url there id of my of 1009 which sticks out to that are possibly more accounts on this site. Knowing this is tied to our this valu
All writeups — main place about my research as a hacker.
Intial Access after getting access to site page noticed are my account details but in the url there id of my of 1009 which sticks out to that are possibly more accounts on this site. Knowing this is tied to our this valu
Initial Access Getting access to the app lets navigate to any area in the top menu to see products.L injection UNION attack, retrieving multiple values in a single column Area of interest the highlighted part of the url
This challenge was host from The Nahamcon 2025 CTF was easy difficulty Challenge we need to obtain a flag to complete this challenge. Landing Page Notice we can sign up for an email doesn’t need to be just something to t
BOLA vulnerability occurs when an application or API fails to properly verify if a user is authorized to access specific data objects.. This can allow users to bypass authorization checks and access sensitive data or per
Insure File Upload Insecure file upload is a vulnerability where an application allows the upload of files without proper validation and control. Now there is so many websites and apps use a file upload feature is a stan
SSRF After getting access to the environment and finding a cloud container doing a basic enumeration, I discovered it is vulnerable to SSRF. Notice in image 1-1 a directory named metadata-db possibly has sensitive inform
XXS Stored Cross site is dangerous especially stored because its stored into the site and database and can’t be easily terminated from infecting the server hosting the site/sites. After researching how i can exploit this