Bypassing WAF and got XSS in DOD Hello all, In this post I will share about the how I found RXSS on DOD. https://hackerone.com/reports/1834042 During my latest security testing, I set my sights on the Department of Defense’s website and chose example.com as my target. My first step was to use subfinder to search for any subdomains…

Hello all… Today, I will be sharing with you how I discovered an IDOR vulnerability on a government website. So what is IDOR? Insecure Direct Object Reference (IDOR) vulnerabilities are a common security flaw in which applications unintentionally expose sensitive internal objects such as files, databases, and user details. Lets…

Session termination is an important part of the session lifecycle. Reducing to a minimum the lifetime of the session tokens decreases the likelihood of a successful session hijacking attack. This can be seen as a control against preventing other attacks like Cross Site Scripting and Cross Site Request Forgery. Such…

Good day, everyone! I spent nearly three hours looking for this bug, but it took me three months to uncover the bug that brought me my first bounty. And this is the continuation of my article about “On the way to 2nd Bounty”, where I said about XSS and a…

Hello readers, in this post, we’ll look at XSS and Apache Server furthere on apache server I will post another article. Cross Site Scripting (XSS) (https://owasp.org/www-community/attacks/xss/) Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses…

Hello!! This is my first article, and I really hope you enjoy it! From June 2021, I began looking for issues on the websites. So, one day after submiting many Report where some got accepted and Rejected, I was just showing/telling my sister about the BugBounty and clicked on the…