Mike Chan in Techiepedia: 5 Ways to Test Password Reset Function. Password reset is a function commonly found in modern web apps. It is normally the first function I test in every web… (4 min read, Jun 26, 2021)
Mike Chan in Techiepedia: Response Manipulation leads to Account Takeover. This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check the user's authentication… (3 min read, Mar 6, 2022)
Mike Chan: What You can Learn from Coinbase Hack with USD250k Bounty. As a bug bounty hunter, you may experience something like below: (5 min read, Feb 23, 2022)
Mike Chan in JavaScript in Plain English: Javascript Security: Weak Type Bypass. How hackers can bypass JavaScript security checks by exploiting its weakly typed feature. (3 min read, Feb 14, 2022)
Mike Chan in System Weakness: Common Nginx Misconfiguration leads to Path Traversal. Recently, I was invited by my friend to participate in a private pentest project. The target has been using Nginx as its reverse… (3 min read, Dec 27, 2021)
Mike Chan: Common Bugs found in File Upload Functions. File upload is a function commonly found in web apps. You may find it in social network apps, job seeking apps, etc. Also, it is one of the… (3 min read, Nov 23, 2021)
Mike Chan: Linux Tricks for Bug Bounty Hunter. In the previous post, we discussed how to set up a Recon Machine on a VPS and how to use Screen to keep your recon process running even after… (3 min read, Nov 20, 2021)
Mike Chan: Setup Your Own Recon Machine on Digital Ocean. If you are a bug bounty hunter, you may notice that recon is very time consuming. Sometimes, even if you have mostly automated your recon… (4 min read, Oct 31, 2021)
Mike Chan: Automate Your Hunting: Cache Poison. Cache poisoning is a bug commonly seen in web apps. This passage walks you through how you could automate your testing for such a commonly seen… (2 min read, Oct 14, 2021)
Mike Chan: Power of Your Own Wordlist: Fuzz for Log File Leads to Information Leakage. This is another story of my recent finding of sensitive information leakage. The target is a big hotel and resort group which has… (3 min read, Oct 9, 2021)