Welcome to my blog

Cracking the Code: Unveiling the Forgotten Password Flaw leads to ATO

Introduction. In the domain of cybersecurity, uncovering vulnerabilities is a critical aspect of maintaining digital security. Recently, a significant flaw was identified within the “Forgot Password” feature of one of my private bug bounty programs, specifically centered around its password reset functionality. This vulnerability, residing in the process of handling reset requests, exposed sensitive information by including the new password in API response payloads. This departure from standard security practice posed a severe risk, allowing an attacker to reset any user’s password and gain unauthorized access to their account.

Unveiling Hidden Dangers: An Unprotected Symfony Profiler Endpoint Leads to Critical Exposure

Introduction. In the ever-evolving landscape of web application security, the discovery of vulnerabilities can often be a race against time. Recently, I encountered a profound security oversight in an application, which served as a stark reminder of the importance of diligent security practices. This post details my journey in uncovering a critical endpoint exposed by a web application built on the Symfony framework. The Discovery. The application, hosted at a specific IP address (redacted for security), presented itself as a typical web application built using the Symfony framework.

Chaining the tale of 2 Vulnerabilities

A few months ago, I came across an interesting target during my bug bounty assessment and found a subdomain-based CORS misconfiguration. The report was initially rejected on the grounds that the vulnerability had a prerequisite: control of a trusted subdomain was needed for it to work. I then demonstrated the impact of a subdomain takeover, chained it with the CORS misconfiguration, and received the maximum bounty payout and a good response from VO.
