Hello all, I hope you’re fine! Our story today is a funny ATO I recently found it, so I decided to share it with you. Background: Let’s assume that our vulnerable subdomain is sub.redacted.com and it deals with an API subdomain called api.redacted.com …

Hello everybody, today we have a simple Stored XSS vulnerability that leads to stealing cookies and Taking over the account. Let’s start Reconnaissance The target is only one single domain and its API subdomain let’s call them target.com and api.target.com , so simply when I do a pen-test for any target…

Hello all, hope you’re OK. Our journey today is about how I found multiple SQL Injections in a bug bounty program in just a few minutes with a cool technique. Let’s begin and call our target redacted.org. Enumeration Phase: I started to look at the web archive of the target with the…

Hello all, hope you’re OK. Our journey today is about how I found multiple SQL Injection in a BugBounty program in just few minutes with a cool technique . Let’s begin and call our target redacted.org. Enumeration Phase: I started to look at the web archive of the target with the waybackurls…

Web Challenges