Bypassing 403 Protection To Get Pagespeed Admin Access

So whenever you visit some restricted resource, you generally get a 403 Forbidden message. But should you stop right here? Obviously not; always try to break into these restrictions to get sensitive


Burp Suite: Match And Replace

Burp Suite’s proxy options include one called “Match and replace”. This option has many rich uses that can help us automate our testing process.


400$ Bounty using Google Dorks

I’ll share with you how I got a $400 bounty again using Google Dorks.


Iframe Injection leads to CSRF and Account Takeover

Iframes that are injected into web pages are mostly called by the client’s browser, except in some cases like PDF generators.


How I CSRF’d My First Bounty

This is my first blog post, and I decided to start off by sharing about my recent finding. It was a CSRF issue, which earned me $500.
