PinnedHacked ISP: IDOR Allowed Retrieving 1.5 Million Customer’s InformationHey guys!Apr 18, 20242Apr 18, 20242
Bypassing Admin Panel via Unprotected Registration EndpointDuring one of my routine bug-hunting sessions, I encountered a website with a visible login page but no registration option. Out of…Feb 161Feb 161
How Python Saves My Time: Automating Repetitive Tasks in Everyday WorkHello friends,Nov 28, 2024Nov 28, 2024
Removing request parameter to Bypass OTP verificationHello everyone, This is my fifth blog regarding Bug hunting. If you want to read my previous four blogs regarding my findings click on the…Sep 19, 2021Sep 19, 2021
How I found another SQLi on the Government website in just 5 minutesTwo months ago I started the journey of bug hunting of Kerala govt websites. In this journey, there are lots of vulnerabilities identified…Aug 21, 2021Aug 21, 2021
Three different types of SQL injection in one POST parameterHi everyone, I’m Sarathlal Srl (a.k.a SRLSEC) from India. SQL injection is my favorite attack so I always try to learn about it. In the…Aug 12, 20211Aug 12, 20211
Account Takeover by OTP BypassHello everyone, this is my 2nd write-up, the first one is about SQL Injection (click here to read). In this write-up I will be sharing the…Jul 12, 2021Jul 12, 2021
Time-Based SQL Injection to Dumping the DatabaseI have always been interested in testing the security of Government websites. This is my first real-world experience in INFOSEC I found SQL…Jul 3, 20212Jul 3, 20212
