Hello everyone !!! Hope all are good and fine. I’m back again, in this is my report i well show How i found creative bug and how able to change the impact from low to high? Are you exciteabile???? Let’s go

Hello Amazing Hackers… Abdelhy khaled is Here In this in Article and I will talk about how I found Account Squatting due to OAuth misconfiguration in public bug bounty program Brief about what is an Account takeover vulnerability? OAuth is an authorization framework used to identify and authenticate users for an…

Hello Hunters! It’s been a while since my last write up, so i decide to share a fun experience that i had while hunting on a private program. What the hell is a captcha? From my point of view: The captcha solver is mostly used to avoid bots and ensure…

Hello folks! My name is Abdelhy khaled, I am Security Researcher & Bug Bounty Hunter in this blog i will show my methodology to bypass csrf token with 5 different methods What is Cross-Site Request Forgery (CSRF)? Cross site request forgery is a web application vulnerability attack vector that basically tricks the web browser into performing…

Hello folks! My name is Abdelhy khaled, I am Security Researcher & Bug Bounty Hunter .I found an IDOR on ticket support which allows me to view any ticket submitted to the support team by the User . So, before going into deep let’s have a look what is IDOR? What is IDOR? …