Hello friends this write-up is about how I bypassed the CORS validation. Let assume the website name redact.com. Simply I logged into the website checked for CSRF attack but there was a Current Password pram which means if I am able to bypass, there is a CSRF protection. …

Hi guy I hope you all are fine this POC is all about how I convert the Self XSS To Evil XSS so let assume the site PRIVATE.COM

The first step simply sign-up and login to the account & start playing with the change account details functionality after some time…

Hy Guy’s this write up is all about my SQL Injection that I found in PRIVATE program running on BugCrowd

let assume website name subdomain.private.com/registro/login. when i visit the site I saw the strange behavior this is the admin panel & the website reload it self again & again so…

Hello guy’s I am back with another POC again this bug I found in PRIVATE program using on bugcrowd so without wasting the time let get started!

let assume the website private.com I created an account looking for CSRF Account Takeover but the website is secure & there is CSRF…

Hi guy I am back with another POC that I found in PRIVATE program on bugcrowd let get started. So let assume the SITE name private.com I was testing the main website and after crawling I come to know that the server is WINDOWS

I didn’t find any thing on…

Hi Guy,

After a long time i decided to share some of my finding & contribute to this awsm community. This write up is all about the IDOR that i found in PRIVATE program that I hunting from past 1 Year.

So there is a request that update the account…

Saad Ahmed

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store