jowin922
Bypass Mobile Phone verification using Mobile website
I was invited to security test an e-commerce website. Mobile phone number verification is mandatory on the website and customers are not…
2 min read · Sep 8, 2023
jowin922
Subdomain Takeover (Unclaimed Domain Name)
I was testing a large scope private program. One of their subdomains was redirecting to a random domain (e.g. xyqhedshhdahjs.com) which…
1 min read · Jul 23, 2023
jowin922
Reflected XSS on Target with tough WAF (WAF Bypass)
I was doing web pentest on a private program. The program had a very tough WAF; even typing alert as a payload would be blocked by WAF.
2 min read · Feb 8, 2023
jowin922
Common Web Application Security Interview Questions (VAPT)
Below are some of the common questions asked in interviews for web app pentesters or VAPT.
1 min read · Jan 27, 2023
jowin922
CORS Misconfig on Out of scope domain Bug Bounty Writeup (300 USD Reward)
I got an invite to a bug bounty program, the scope of the testing was on app.redacted.com. While checking and understanding the login…
2 min read · Dec 8, 2022
jowin922
Using Recon-Ng for Recon for Bug Bounty
Recon-Ng is a great tool for automating your recon workflow and is one of the must-have tools for bug bounties.
2 min read · Dec 6, 2022