Unveiling Hidden Dangers: An Unprotected Symfony Profiler Endpoint Leads to Critical Exposure
Chaining the tale of 2 Vulnerabilities
A few months ago, I came across an interesting target during my bug-bounty assessment and found a subdomain-based CORS. Initially it was rejected, stating that there is a prerequisite of the subdomain needed for this vulnerability to work. But then I showed the impact of a subdomain takeover, chained it with this CORS, and got the maximum bounty payout and a good response from VO.
Connect between .htaccess and file upload bypass
This blog contains information about the PHP file upload bypass and the role of the .htaccess file in this bypass.
Reflection on my Bug Bounty Journey 2022
Last year with Synack Red Team has been a wholesome experience for me.
How I cleared OSCP in my First Attempt
In this blog, I am going to share my experience on OSCP and provide you guys some tips which might be useful for those who are preparing for their OSCP exam. Since I took the recent OSCP exam, which includes the Active Directory structure as well, I will share some tips on this part as well.