5 Ways to Test Password Reset Function (Pinned; published in Techiepedia, Jun 26, 2021): Password reset is a function commonly found in modern web apps. This function normally would be the first function I tested in every web…
Response Manipulation leads to Account Takeover (published in Techiepedia, Mar 6, 2022): This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check the user's authentication…
What You can Learn from Coinbase Hack with USD250k Bounty (Feb 23, 2022): As a bug bounty hunter, you may experience something like below:
Javascript Security — Weak Type Bypass (published in JavaScript in Plain English, Feb 14, 2022): How hackers can bypass JavaScript security checks by exploiting its weakly typed feature.
Common Nginx Misconfiguration leads to Path Traversal (published in System Weakness, Dec 27, 2021): Recently, I was invited by my friend to participate in a private pentest project. The target has been using Nginx as its Reverse…
Common Bugs found in File Upload Functions (Nov 23, 2021): File upload is a function commonly found in web apps. You may find it in social network apps, job seeking apps etc. Also, it is one of the…
Linux Tricks for Bug Bounty Hunter (Nov 20, 2021): In the previous post, we discussed how to set up a Recon Machine on a VPS and how to use Screen to maintain your recon process even after…
Setup Your Own Recon Machine on Digital Ocean (Oct 31, 2021): If you are a bug bounty hunter, you may notice that recon is very time consuming. Sometimes, even when you have mostly automated your recon…
Automate Your Hunting — Cache Poison (Oct 14, 2021): Cache Poison is a bug commonly seen in web apps. This passage walks you through how you could automate your testing of such commonly seen…
Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage (Oct 9, 2021): This is another story of my recent finding of sensitive information leakage. The target is a big hotel and resort Group which has…