Bypass Mobile Phone verification using Mobile website
I was invited to security test an e-commerce website. Mobile phone number verification is mandatory on the website and customers are not…
Sep 8, 2023

Subdomain Takeover (Unclaimed Domain Name)
I was testing a large-scope private program. One of their subdomains was redirecting to a random domain (e.g. xyqhedshhdahjs.com) which…
Jul 23, 2023

Reflected XSS on Target with tough WAF (WAF Bypass)
I was doing a web pentest on a private program. The program had a very tough WAF; even typing alert as a payload would be blocked by the WAF.
Feb 8, 2023

Common Web Application Security Interview Questions (VAPT)
Below are some of the common questions asked in interviews for web app pentesters or VAPT.
Jan 27, 2023

CORS Misconfig on Out of scope domain Bug Bounty Writeup (300 USD Reward)
I got an invite to a bug bounty program; the scope of the testing was on app.redacted.com. While checking and understanding the login…
Dec 8, 2022

Using Recon-Ng for Recon for Bug Bounty
Recon-Ng is a great tool for automating your recon workflow and is one of the must-have tools for Bug bounties.
Dec 6, 2022