Category: bug-bounty

What do Netcat, SMTP and self XSS have in common? Stored XSS
bug-bounty, BugBountywriteup

If you are reading this you are probably wondering what is this? Is this some kind of a joke? The answer is no, and it ...

Wrong Swipe, Tinder!
bug-bounty, BugBountywriteup

Note: The following article was published on 16/07/2019 on https://FogMarks.com. Today’s case-study does not involve any vulnerability at all. Yes — you heard me. No XSSes, no open redirects, ...

1-Click Account Takeover in Virgool.io — a Nice Case Study
bug-bounty, BugBountywriteup

Hello, Virgool is a light, Iranian version of medium.com. Recently I found a 1-click account takeover vulnerability in their product. Virgool gives ...

API — A. P.otentially I.diotic — Threat
bug-bounty, BugBountywriteup

Note: The following article was published on 25/12/2016 on https://FogMarks.com. Happy Hanukkah and Merry Christmas to you all! The end of the year is always a ...

Knocking the IDOR
bug-bounty, BugBountywriteup

Note: The following article was published on 27/11/2016 on https://FogMarks.com credit: actionplusbb Sorry for the no-new-posts-November, FogMarks has been very busy experiencing new fields and ...

Beginner’s Guide to recon automation.
bug-bounty, BugBountywriteup

RECON LIKE A PRO! Hello hackers, I am Ashish Jha yet again with all of you. It’s been a long time since I wrote, so I had ...

Page Admin Disclosure || Facebook Bug Bounty 2019
bug-bounty, BugBountywriteup

Hello everyone, I have not written a blog for a long time, so I thought of writing it in. ...

Deploy a private Burp Collaborator Server in Azure
bug-bounty, BugBountywriteup

A short time ago, I had to set up a private Burp Collaborator Server to avoid possible leaks of my client's sensitive information. I want ...

Digging Android Applications — Part 1 — Drozer + Burp
android-security, bug-bounty

Hello, in this post I’m going to solve the first section of Andrill: Andrill is an Android mobile application interacting with ...