Abusing feature to steal your tokens
In mid-2018, Linode private Hackerone program got me engaged because of how well the program was getting managed. I found quite of issues there which are privately disclosed on Hackerone...…
Vimeo SSRF with code execution potential.
Recently I discovered a semi responded SSRF on Vimeo with code execution possibility. This blog post explains how i found & exploited it. So lets get started.…
H1-5411 CTF
Rahul and I solved very interesting H1-5411 CTF…
RCE due to ShowExceptions
So a few days back i started testing a private BB program, I found a straightforward RCE on it.…
Path traversal while uploading results in RCE
As the program is private; Program Name, Endpoints are replaced. Hey guys, Today i’ll show you how i gained a Remote Code Execution on a HackerOne’s Private Program. This is chaining of multiple issues, which were addressed separately and all were marked as Critical/P1. This program had…