Friday, November 17, 2017

About Me.



I am a security enthusiast in the areas of web applications, network engineering & mobile applications; programming is also a part of my interests (Python lover :p). I also work as an individual web-application security engineer with broad experience in all aspects of security management and implementation. I am looking forward to hardening my skills in various security standards. As a part of my core interest, I always prefer spending my leisure time performing individual security audits, vulnerability assessments or source code analysis. I am also a bug bounty hunter. I have participated in all major bug bounty programs organised by internet giants like Google, Microsoft, Apple, Bugcrowd, etc. I have 3+ years of expertise in both black box and white box penetration testing.



Thursday, October 26, 2017

Hack the Planet :)

Hello Hackers!

Today I am going to disclose my recent finding where I was able to take over the user's account. The target was planet.com, as initially I was looking for some bugs in Google acquisitions :p

After a Whois lookup and gathering some information from Crunchbase and Wiki, I came to know that it wasn't Google's acquisition, but I still looked for vulnerabilities and found ACCOUNT TAKEOVER :)

Basically there was an IDOR vulnerability on their reset password link.

Check out the POC: