While testing a web application as part of a bug bounty program, I uncovered a critical RCE vulnerability by chaining directory traversal with a subtle CSV parsing abuse. The exploit chain involved...

Introduction One of the issues I faced while testing a WebSocket-heavy application is that there aren’t many filtering options available for WebSocket traffic — unlike HTTP messages in Burp Suite....

Post-Dual Boot Cleanup – Reclaiming Lost Partition Space After Removing Ubuntu Introduction This isn’t my usual post about vulnerabilities, bug bounty, or web security. This time, it’s something ...

Introduction This was a blind XSS challenge where the goal was to read the admin’s cookie. The given website was called “Cookie Tracker” and had three functionalities: Store your cookie. See...

Introduction This blog post explores a recent finding I discovered in a bug bounty target. I stumbled upon a user enumeration issue that exposes email addresses without proper security measures. T...

Introduction Dependency Confusion is a security vulnerability that affects software dependencies in the software development process. It occurs when a public package manager installs an internal o...

I recently discovered a significant security vulnerability in a target. The vulnerability, HTTP request smuggling, allowed me to manipulate the application’s behavior, potentially compromising user...