
Jatin Nandwana

85 Followers


Apr 28, 2021

A tale of HTML to PDF converter SSRF and various bypasses

Hey hackers, hope you are all doing good in this pandemic. This is a story of an SSRF I found in a private program through the HTML to PDF converter functionality; I was able to read internal files, AWS metadata and some internal debug ports with juicy customer information. …

Bug Bounty

5 min read



Jul 12, 2020

Self stored XSS to full account takeover

Hey, today I will share with you my recent finding, which was a self XSS, but I turned it into a full account takeover using various other misconfigurations and features already available on the website. EXPLOITATION SCENARIO: self stored XSS; Google login CSRF to good XSS; logout of attacker account …

Bug Bounty

5 min read



Mar 5, 2020

My OSCP story

So it all began in 2018 when I saw this certification on the internet, which seemed like a challenging one and a good entry-level pentesting certification. So I set a goal for myself that I wanted to achieve it by the end of 2019. …

OSCP

5 min read



Jul 4, 2019

Story of a stored XSS to full account takeover vulnerability (N/A to accepted)

Hey everyone, this is one of my best finds ever, which took me some days to exploit, but when I finally exploited it, it was the best feeling in the world!! So let's begin, I got a…

JavaScript

6 min read



Jun 2, 2019

Story of a URI based XSS with some simple Google dorking

Hey everyone, this is an old XSS bug which I found in a private program on HackerOne by doing some Google recon. Because it was a private program I will name the site as www.example.com everywhere. So let's…

Security

2 min read



Aug 25, 2018

My first valid XSS (@HackerOne)

Hey, today I will share my first ever valid XSS bug, which was a reflected XSS on a public program on HackerOne. So let's start. I was very new to HackerOne and I took a random program to start, and I started to do some recon by finding the subdomains…

Security

2 min read


Jatin Nandwana, Web application pentester
