
Bug Bounty Writeups

How I Scored 2K Bounty via an Easy IDOR

·284 words·2 mins
Hello Security Researchers. In this writeup I will talk about how I was able to find an IDOR in one of the largest Russian companies, none other than Mail.ru. Approaching targets with a huge scope can be frustrating sometimes since you don’t know where to start. For me, I started looking in the main scope of Mail.ru Games: I fired up Burp, created an account, added things to my cart, viewed the blog, and created a support ticket. Before testing anything, the ticket link looked kind of suspicious since it had /ticket/INTEGER

How I RCE'd the Largest RU Company

·281 words·2 mins
Hello Security Researchers. In this writeup I will explain how I was able to find RCE in Mail.ru, which is considered the world's largest internet company. Before starting to hack, I was wondering how I should approach the target and what most people would miss in the program. They have a huge scope, which means there should be something out there sitting for me to find. I started looking with the favicon using this script, where I replace the link with the Mail.ru favicon; once generated, I go to shodan.io and search for it

How I Scored 1K Bounty Using Waybackurls

·274 words·2 mins
Hello Security Researchers. In this write-up, I want to share with you a finding that I discovered in a public bug bounty program that ended up paying me 1K just using a single command on the terminal. I won’t be able to disclose the name of the program since the leak was huge and they are still merging all the previous algorithms they used before into a new one, and the deprecated API is still reachable

Tale of XSS in Angular

·74 words·1 min
Hello Security Researchers and Hackers. In this writeup I explain how I found 2 rXSS vulnerabilities in Angular using automation. Tools used: Findomain for subdomain monitoring, Wappalyzer for technology detection. Discovery process: received Telegram alert for new subdomains