Tag: bug bounty

[Tips & Trick] 0-Click Account Takeover via OSINT

P1 – Account Takeover via Forgot Password API

P1 – OTP Code Leak to Account Takeover

P3 – Panel Admin Takeover via Credential Leak on API Documentation Link

P1 – RCE Via Upload PDF File

P1 – Time Based Blind SQL Injection on search parameter

P2 – IDOR For Wallet Balance Manipulation

P1 – Default Credential on Username Password Employer

P3 – Website Not Implement Email Verify (2000$)

P1 – Sensitif Information Leak on js File