BugBountyWriteup - Medium
During an iOS application penetration test, a penetration tester utilizes a range of techniques, tools, and methodologies to evaluate the application’s security posture. One such method is static analysis. Static analysis tools assist in identifying security vulnerabilities in the application’s source code or binary without executing it. This process...
IDOR, one of the most common vulnerabilities in applications, can lead to major security leaks. Today, I’ll walk you through how I discovered an IDOR flaw that allowed access to other users’ accounts in the vulnerable application. What is IDOR? Insecure Direct Object Reference (IDOR) is a security vulnerability that arises when the application exposes...
Once the IP is known, conduct a thorough nmap scan to discover open ports and services, providing valuable insights for further exploration and potential vulnerabilities: nmap -sC -sV $ip. Based on the nmap scan results, only two services appear to be running on the server: SSH on port 22 and a web server on port 80. To further explore the web server running...
After diving into over 100 write-ups and reports on Server-Side Request Forgery (SSRF), I’ve compiled the key insights and knowledge I’ve gained into this blog. Here, I aim to share a comprehensive overview of the SSRF vulnerability. Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to send crafted...
Bounty - CVE-2024-38473
It was purely my experience, I respect other bug bounty hunters :)