Introduction Cross-Site Scripting (XSS) is a type of cyber attack in which an attacker injects malicious code into a website or web application. The injected code is usually in the form of a script, which is then executed by the victim’s web browser. …

Hi everyone, today’s story will be short because there are not many details in it. I got a private invitation to hunt in the program, once I opened the website, I used to check the place of images and JS files, because if they are uploaded on service like Amazon…

Hi all, in this story I will talk about several misconfiguration that I found related to the Amazon S3 Buckets. Also I will mention some tricks and tools that will help you to find this type of vulnerability. What is the important tools? At first and before use any other tools, you have to install…

Hi everyone, today I will talk about IDOR vulnerability that I found it in a insurance company that leaks the medical insurance documents of nearly 100,000 customers. At first, I will tell you a little story about how I found this company? One day, I applied for a visa to travel to Saudi Arabia, and among the requirements for obtaining a visa is to obtain…

Hi everyone, today I’m gonna took about vulnerability that I found it in Google. In fact, when I sent the report to Google, it wasn’t a vulnerability, but I will tell you how I escalated the risk and bypass rate limit. At first, I browsed Google drive looking for feature…

Hi all, today I will talk about first vulnerability I found it. At that time, I knew little about information security, so I was not do scan or something like that, I used to use the application as a normal user, but curiosity pushed me to find this vulnerability. How I found the vulnerability? One…

Hi everyone, today I’m gonna talk about vulnerability that I found it in IBM that allowed me to get full access on many services. At first, I opened shodan and searched for: Org:'ibm' tomcat I browsed some servers, but I didn’t find anything interesting, until I found this server and…