Challenge to keep focus on Hacking & Learning For the Next 100days
https://hackerone.com/reports/1501611 https://hackerone.com/reports/1403176 https://ahmadaabdulla.medium.com/vulnerabilitymultiple-vulnerability-leading-to-account-takeover-in-tiktok-smb-subdomain-c99e4a50b377 https://akashhamal0x01.medium.com/watch-out-the-links-account-takeover-32b9315390a7 https://jjowi.medium.com/broken-authentication-login-with-google-b170fbb4b6d0 https://hackerone.com/reports/1074047 https://hackerone.com/reports/1323406 https://medium.com/@hacxyk/how-we-spoofed-ens-domains-52acea2079f6
Reported information disclosure to sony
Hunted 2 Hours today
https://hackerone.com/reports/1518343 https://hackerone.com/reports/1059758 https://hackerone.com/reports/962604 https://hackerone.com/reports/1080437
https://youtube.com/playlist?list=PLO5VPQH6OWdXKPThrch6U0imGdD3pHLXi
https://hackerone.com/reports/1370749 https://hackerone.com/reports/1084904 https://hackerone.com/reports/1466855 https://hackerone.com/reports/1084638
https://youtube.com/playlist?list=PLO5VPQH6OWdXKPThrch6U0imGdD3pHLXi
https://hackerone.com/reports/1237700 https://hackerone.com/reports/921780 https://hackerone.com/reports/915813 https://hackerone.com/reports/825646 https://hackerone.com/reports/810880 https://hackerone.com/reports/704266 https://hackerone.com/reports/920005 https://hackerone.com/reports/751870 https://hackerone.com/reports/882546 https://hackerone.com/reports/485748 https://hackerone.com/reports/422043 https://hackerone.com/reports/380103 https://hackerone.com/reports/473950 https://hackerone.com/reports/1504410 https://hackerone.com/reports/603764 https://hackerone.com/reports/1037714 https://hackerone.com/reports/1410459
https://medium.com/pinoywhitehat/bypass-hackerone-2fa-requirement-and-reporter-blacklist-46d7959f1ee5 https://infosecwriteups.com/authentication-bypass-using-root-array-4a179242b9f7
Graphql : https://securitycafe.ro/2021/10/01/practical-graphql-attack-vectors/
https://passkwall.medium.com/mindset-for-hacking-graphql-applications-5e72b7ba6b71 https://alsmola.medium.com/login-csrf-is-low-risk-and-high-risk-df91de8988bc https://ms-official5878.medium.com/account-takeover-using-forgot-password-functionality-c53a58566d8e
Graphql : https://infosecwriteups.com/graphql-idor-leads-to-information-disclosure-175eb560170d https://labs.detectify.com/2018/03/14/graphql-abuse/
https://medium.com/bugbountywriteup/whatsapp-bug-bounty-bypassing-biometric-authentication-using-voip-87548ef7a0ba https://medium.com/@itsdeepceh/a-business-logic-error-bug-worth-600-a0050720bfee https://mokhansec.medium.com/idor-via-websockets-allow-me-to-takeover-any-users-account-23460dacdeab?source=post_page-----808f0bdd8ac7----0---------------------------- https://mokhansec.medium.com/full-account-takeover-worth-1000-think-out-of-the-box-808f0bdd8ac7
Focussed Mainly on NahamCon2022 CTF and Got 170th Place
Took Rest and Watching Movies
Thinking about doing NahamCon2022 CTF Write-up
Day 13 & 14:
Doing HTB Web Challenges
Reading : https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection