#penetration-testing

Articles tagged with #penetration-testing

OAuth Misconfiguration Leading to Unauthorized Admin Access For All Org Products
TL;DR ? I signed up using any unclaimed email on application_2 (e.g., [email protected]) due to no email verification, then logged into the victim's account on application_1 using the SSO feature that allowed me to log in using application_2. Introd...
Sep 18, 20233 min read1.8K
Taking Over an Entire Organization - A Journey Through Multiple Bugs
Introduction Today, I want to share a thrilling adventure, a tale of how a few seemingly harmless bugs can snowball into a security nightmare. Through collaborative work with my friend DreyAnd back in April 2023, we managed to expose vulnerabilities ...
Jun 12, 20234 min read2.6K
Subdomain Takeover leading to Full Account Takeover
Introduction In this blog post, I will walk you through the discovery of a critical vulnerability in redacted.com. This vulnerability allowed me to take over any user's account by exploiting a subdomain takeover, which led to account takeovers due to...
May 8, 20232 min read4.1K