Hello Fellow Hackers! I am sitting in my room for last 3 days due to corona virus outbreak world wide and feeling really bored . So I thought why not do a write-up what I promised really long ago 🤭. Few months back in My Tweet I shared a way…

Hi readers , At 1st Eid Mubarak to all . May Allah bring you joy, happiness, peace and prosperity on this blessed occasion. Wishing you and your family on this happy occasion of Eid! Eid Mubarak! So on this blessed occasion I thought let’s share one of my finding as…

Hi readers , Today I will write about a XSS Vulnerability I reported to postnl.nl bug bounty Program . Vulnerable Endpoint :- http://realestate.postnl.nl/?Lang= To test a normal Reflected XSS I Input “><xsstest> in the Lang parameter and in source it was reflected properly inside META tag like below :- <meta…

Hi guys , This is Prial Islam a security researcher from Bangladesh . This is a old finding of mine adding into my blog . Recently I disclosed a POC on How I was able to get all vine users sensitive Information including Phone no/ IP Address / Emails and…

Hello readers, This is Prial Islam a security researcher from Bangladesh . This is a old finding of mine adding into my blog . Today I will write about a Critical IDOR vulnerability that will lead to Information Disclosure what allowed me to get any Vine user’s sensitive information including…

Hi readers , Today I will write about Subdomain takeover . It’s a common Security issue what is actually developers mistake when they left a Unused/unclaimed 3rd party Service DNS CNAME record for a subdoamin of theirs and Hackers can claim those subdomains with the help of external services it…

Hi readers , I am a Cyber Security Researcher from Bangladesh . Again I am here to share a Security issue I found on WeTransfer . WeTransfer have a paid bugbounty program under Zerocopter . So I start testing their sites . While I was bruteforcing wetransfer.com with DIRB script…

Description zerocopter.com is a bug bounty platform for Ethical hackers just like Hackerone . In zerocopter reports user can use Markdown . Users are also allowed to give external links in reports . …

Hi readers , I am a Cyber Security Researcher from Bangladesh . This is my 1st write-up and also I am not good at XSS so forgive all mistakes . Recently I was testing a private site and in that site users can add their personal information . I noticed…