Hello Everyone (Ram Ram Ji),

In this article, I will share one of my recent findings, which is basically related to JS files. In it, I will tell you how these JS files can help you find High Severity bugs.

If you are too lazy then I…

Hello Everyone (Ram Ram Ji),

This article is about an account takeover bug via host header poisoning. Redacted.com was vulnerable to host header injection, which remote attackers could exploit to take over any account on redacted.com.

Attacking Scenario:

As an attacker, I modified the POST request, in which first I changed…

Hello Everyone (Ram Ram Ji),

Today I wanna talk about one of my unique & quickest findings on HackerOne’s Private Program. It was all about Admin Panel Access. So let’s get started.

Scenario:

1) Bypassing Scenario for admin login page:

I picked up one of their assets from that program, and while accessing that URL I simply…

Shivam Kamboj Dattana

"CS-Engineer" | "Bughunter • Hackerone • Bugcrowd (Top 150)" | "Synack Red Teamer" • @sechunt3r
