Mahmoud Youssef

1.3K Followers

Sep 6, 2022

Exploiting Out-of-Band XXE in the Wild

Hello all, I hope you’re fine! Our story today is about one of the most interesting bugs I found. Actually, it’s my first time finding this bug in a BB program, and I faced some problems while making a PoC to retrieve local files, so I decided to share it…

Bug Bounty

7 min read

Jul 2, 2022

Admin account takeover via weird Password Reset Functionality

Hello all, I hope you’re fine! Our story today is a funny ATO I recently found, so I decided to share it with you. Background: Let’s assume that our vulnerable subdomain is sub.redacted.com and that it deals with an API subdomain called api.redacted.com …

Bug Bounty

5 min read

May 15, 2022

How I managed to take over any account that visits my profile with Stored XSS

Hello everybody, today we have a simple Stored XSS vulnerability that leads to stealing cookies and taking over the account. Let’s start. Reconnaissance: The target is only one single domain and its API subdomain; let’s call them target.com and api.target.com. So simply, when I do a pen-test for any target…

Cybersecurity

3 min read

Published in InfoSec Write-ups

Dec 14, 2021

How I Found multiple SQL Injections with FFUF and Sqlmap in a few minutes

Hello all, hope you’re OK. Our journey today is about how I found multiple SQL Injections in a bug bounty program in just a few minutes with a cool technique. Let’s begin and call our target redacted.org. Enumeration Phase: I started to look at the web archive of the target with the…

Bug Bounty

4 min read

Nov 6, 2021

How I Found multiple SQL Injections with FFUF and Sqlmap in a few minutes

Hello all, hope you’re OK. Our journey today is about how I found multiple SQL Injections in a Bug Bounty program in just a few minutes with a cool technique. Let’s begin and call our target redacted.org. Enumeration Phase: I started to look at the web archive of the target with the waybackurls…

Bug Bounty

4 min read

Sep 20, 2020

Cybertalents Quals : Saudi, Sudan, Egypt and Tunisia National CTF 2020 Write-Up

Web Challenges

Ctf

5 min read

Cyber Security Researcher | Bug Hunter