Hi everyone, today I will talk about an IDOR vulnerability that I found in an insurance company, one that leaked the medical insurance documents of nearly 100,000 customers.

First, I will tell you a little story about how I found this company.

One day, I applied for a visa to travel to Saudi Arabia, and one of the requirements for obtaining a visa is medical insurance from an insurance company. I chose this company; let's call it Example company. After I paid the fees to this company, they sent me the URL of my medical insurance document, and the URL looked like this:

https://document.example.com/1682425711431052.pdf

The file name was the same as the insurance policy…


Hi everyone, today I'm gonna talk about a vulnerability that I found in Google. In fact, when I sent the report to Google, it wasn't a vulnerability, but I will tell you how I escalated the risk and bypassed the rate limit.

First, I browsed Google Drive looking for a feature to misuse, and I found this feature…


Hi all, today I will talk about the first vulnerability I found. At that time, I knew little about information security, so I did not run a scan or anything like that; I used the application as a normal user, but curiosity pushed me to find this vulnerability.

How I found the vulnerability

One day, my friend came to me to request a trip for his friend. When the driver arrived, I wanted to give the driver's number to my friend so he could pass it to his friend to communicate with the driver. At that time, I knew that Uber protects drivers' numbers…


Hi everyone, today I'm gonna talk about a vulnerability that I found in IBM that allowed me to get full access to many services.

First, I opened Shodan and searched for: Org:'ibm' tomcat

I browsed some servers, but I didn't find anything interesting, until I found this server; let's call it x.x.x.x. When I ran ffuf on it, I found "logs" as an exposed endpoint. So I opened my browser to visit this endpoint, and as expected, I found more than one folder containing log files for employees.
