20+ Blogs

A collection of blogs from bug bounty hunters and security researchers to help you learn from real-world experiences, stay updated on the latest vulnerabilities, and improve your hacking skills with practical insights.

If you want to add your blog to this collection, please email the blog or its link to [email protected]

Business Logic Errors - A Logic Destruction

Business Logic Errors - A Logic Destruction

Jerry Shah

Jerry Shah

Oct 16, 2021

$5K Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)

$5K Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)

Aditya Sharma

Aditya Sharma

Aug 24, 2021

Bypassing LFI (Local File Inclusion)

Bypassing LFI (Local File Inclusion)

Abhishek

Abhishek

Jun 3, 2021

Account Takeover - Smoking with 'null'

Account Takeover - Smoking with 'null'

Jerry Shah

Jerry Shah

Feb 25, 2021

Duplicate Registration - The Twinning Twins

Duplicate Registration - The Twinning Twins

Jerry Shah

Jerry Shah

Feb 8, 2021

RCE via LFI Log Poisoning - The Death Potion

RCE via LFI Log Poisoning - The Death Potion

Jerry Shah

Jerry Shah

Dec 6, 2020

SQL Injection & Remote Code Execution - Double P1

SQL Injection & Remote Code Execution - Double P1

Jerry Shah

Jerry Shah

Sep 13, 2020

Password reset poisoning to ATO and OTP bypass

Password reset poisoning to ATO and OTP bypass

Abhishek

Abhishek

Aug 2, 2020

HTTP Parameter Pollution - It’s Contaminated

HTTP Parameter Pollution - It’s Contaminated

Jerry Shah

Jerry Shah

Jul 24, 2020

Bug Bounty in Lockdown (SQLi and Business Logic)

Bug Bounty in Lockdown (SQLi and Business Logic)

Abhishek

Abhishek

Jun 24, 2020

RCE via Apache Struts2 - Still out there

RCE via Apache Struts2 - Still out there

Abhishek

Abhishek

Feb 27, 2020

Hyperlink Injection - Easy Money (sometimes)

Hyperlink Injection - Easy Money (sometimes)

Abhishek

Abhishek

Jan 28, 2020