Prial Islam Khan

1K Followers

Nov 2, 2020

What is Synack, and answers to some questions

Assalamu Alaikum. I had no intention of writing this post today, but I sat down to write it in order to answer some questions and to write about Synack, which many people have asked about. Many of you may have read my last post, https://www.facebook.com/groups/vorhelpcenter/permalink/691994155058387/ . I saw some posts in their group about a few points from that post, the screenshots of which, the posts themselves, two…

6 min read



Published in InfoSec Write-ups · Mar 27, 2020

XSS WAF & Character limitation bypass like a boss

Hello fellow hackers! I have been sitting in my room for the last 3 days due to the coronavirus outbreak worldwide and am feeling really bored. So I thought, why not do the write-up that I promised really long ago 🤭. A few months back in my tweet I shared a way…

Bug Bounty

4 min read



Published in InfoSec Write-ups · Jun 5, 2019

Unicode vs WAF — XSS WAF Bypass.

Hi readers, first of all, Eid Mubarak to all. May Allah bring you joy, happiness, peace and prosperity on this blessed occasion. Wishing you and your family well on this happy occasion of Eid! Eid Mubarak! …

Xss Bypass

4 min read



Published in InfoSec Write-ups · Nov 18, 2018

XSS bypass using META tag in realestate.postnl.nl

Hi readers, today I will write about an XSS vulnerability I reported to the postnl.nl bug bounty program. Vulnerable endpoint: http://realestate.postnl.nl/?Lang= To test for a normal reflected XSS I input "><xsstest> in the Lang parameter, and in the source it was reflected properly inside a META tag like below: <meta…

Java Script

3 min read



Published in InfoSec Write-ups · Nov 7, 2018

How I earned 5040$ from Twitter by showing a way to Harvest other users IP address

Hi guys, this is Prial Islam, a security researcher from Bangladesh. This is an old finding of mine that I am adding to my blog. Recently I disclosed a PoC on how I was able to get all Vine users' sensitive information including phone no./IP address/emails and…

Bug Bounty

2 min read



Published in InfoSec Write-ups · Nov 7, 2018

Vine User’s Private information disclosure

Hello readers, this is Prial Islam, a security researcher from Bangladesh. This is an old finding of mine that I am adding to my blog. Today I will write about a critical IDOR vulnerability leading to information disclosure, which allowed me to get any Vine user's sensitive information including…

Security

3 min read



Published in InfoSec Write-ups · Oct 25, 2018

Subdomain takeover due to misconfigured project settings for custom domain.

Hi readers, today I will write about subdomain takeover. It's a common security issue that is actually a developer's mistake, when they leave an unused/unclaimed 3rd-party service DNS CNAME record for a subdomain of theirs and hackers can claim those subdomains with the help of external services it…

Ethical Hacking

3 min read



Published in InfoSec Write-ups · Jul 21, 2018

Unclaimed Medium Publication takeover in WeTransfer

Hi readers, I am a cyber security researcher from Bangladesh. Again I am here to share a security issue I found on WeTransfer. WeTransfer has a paid bug bounty program under Zerocopter, so I started testing their sites. While I was brute-forcing wetransfer.com with the DIRB script…

Short Story

2 min read



Published in InfoSec Write-ups · Apr 30, 2018

Bypass of External link warning page in Zerocopter

Description: zerocopter.com is a bug bounty platform for ethical hackers, just like HackerOne. In Zerocopter reports, users can use Markdown. Users are also allowed to give external links in reports. …

Web Development

2 min read



Published in InfoSec Write-ups · Apr 21, 2018

Story Of a Stored XSS Bypass

Hi readers, I am a cyber security researcher from Bangladesh. This is my 1st write-up, and I am also not good at XSS, so forgive all mistakes. Recently I was testing a private site, and on that site users can add their personal information. I noticed…

Java Script

2 min read



A teenage boy with a passion for breaking security.
