Hello everybody, today we have a simple Stored XSS vulnerability that leads to stealing cookies and Taking over the account. Let’s start Reconnaissance The target is only one single domain and its API subdomain let’s call them target.com and api.target.com , so simply when I do a pen-test for any target…

Hello all, hope you’re OK. Our journey today is about how I found multiple SQL Injections in a bug bounty program in just a few minutes with a cool technique. Let’s begin and call our target redacted.org. Enumeration Phase: I started to look at the web archive of the target with the…

Hello all, hope you’re OK. Our journey today is about how I found multiple SQL Injection in a BugBounty program in just few minutes with a cool technique . Let’s begin and call our target redacted.org. Enumeration Phase: I started to look at the web archive of the target with the waybackurls…

Web Challenges