Nov 2, 2020
What is Synack, and answers to some questions
Assalamu Alaikum. I had no intention of writing this post today, but I sat down to write it to answer some questions and because many people wanted to know about Synack. Many of you may have read my previous post, https://www.facebook.com/groups/vorhelpcenter/permalink/691994155058387/. I saw some posts in their group about a few points from that post, the screenshots of which, well, the two posts themselves…
6 min read

Published in InfoSec Write-ups · Mar 27, 2020
XSS WAF & Character limitation bypass like a boss
Hello Fellow Hackers! I have been sitting in my room for the last 3 days due to the coronavirus outbreak worldwide and feeling really bored. So I thought, why not do the write-up I promised really long ago 🤭. A few months back in my tweet I shared a way…
Bug Bounty · 4 min read

Published in InfoSec Write-ups · Jun 5, 2019
Unicode vs WAF — XSS WAF Bypass
Hi readers, first of all Eid Mubarak to all. May Allah bring you joy, happiness, peace and prosperity on this blessed occasion. Wishing you and your family on this happy occasion of Eid! Eid Mubarak! …
Xss Bypass · 4 min read

Published in InfoSec Write-ups · Nov 18, 2018
XSS bypass using META tag in realestate.postnl.nl
Hi readers, today I will write about an XSS vulnerability I reported to the postnl.nl bug bounty program. Vulnerable endpoint: http://realestate.postnl.nl/?Lang= To test for a normal reflected XSS I input “><xsstest> in the Lang parameter, and in the source it was reflected properly inside a META tag like below: <meta…
JavaScript · 3 min read

Published in InfoSec Write-ups · Nov 7, 2018
How I earned 5040$ from Twitter by showing a way to harvest other users' IP addresses
Hi guys, this is Prial Islam, a security researcher from Bangladesh. This is an old finding of mine that I am adding to my blog. Recently I disclosed a POC on how I was able to get all Vine users' sensitive information, including phone no / IP address / emails, and…
Bug Bounty · 2 min read

Published in InfoSec Write-ups · Nov 7, 2018
Vine User’s Private information disclosure
Hello readers, this is Prial Islam, a security researcher from Bangladesh. This is an old finding of mine that I am adding to my blog. Today I will write about a critical IDOR vulnerability that leads to information disclosure, which allowed me to get any Vine user’s sensitive information including…
Security · 3 min read

Published in InfoSec Write-ups · Oct 25, 2018
Subdomain takeover due to misconfigured project settings for Custom domain
Hi readers, today I will write about subdomain takeover. It’s a common security issue that is actually a developer's mistake: they leave an unused/unclaimed 3rd-party service DNS CNAME record for a subdomain of theirs, and hackers can claim those subdomains with the help of external services; it…
Ethical Hacking · 3 min read

Published in InfoSec Write-ups · Jul 21, 2018
Unclaimed Medium Publication takeover in WeTransfer
Hi readers, I am a cyber security researcher from Bangladesh. Again I am here to share a security issue I found on WeTransfer. WeTransfer has a paid bug bounty program under Zerocopter, so I started testing their sites. While I was bruteforcing wetransfer.com with the DIRB script…
Short Story · 2 min read

Published in InfoSec Write-ups · Apr 30, 2018
Bypass of External link warning page in Zerocopter
Description: zerocopter.com is a bug bounty platform for ethical hackers, just like HackerOne. In Zerocopter reports, users can use Markdown. Users are also allowed to give external links in reports. …
Web Development · 2 min read

Published in InfoSec Write-ups · Apr 21, 2018
Story Of a Stored XSS Bypass
Hi readers, I am a cyber security researcher from Bangladesh. This is my 1st write-up and also I am not good at XSS, so forgive all mistakes. Recently I was testing a private site, and on that site users can add their personal information. I noticed…
JavaScript · 2 min read