Hi everyone, today I’m gonna talk about a vulnerability that I found in Google. In fact, when I sent the report to Google, it wasn’t a vulnerability, but I will tell you how I escalated the risk and bypassed the rate limit.
At first, I browsed Google Drive looking for a feature to misuse, and I found this feature..
Hi all, today I will talk about the first vulnerability I found. At that time, I knew little about information security, so I did not do a scan or anything like that. I used to use the application as a normal user, but curiosity pushed me to find this vulnerability.
One day, my friend came to me to request a trip for his friend. When the driver arrived, I wanted to give the driver's number to my friend to give to his friend to communicate with the driver. At that time I knew that Uber protects the numbers of drivers…
Hi everyone, today I’m gonna talk about a vulnerability that I found in IBM that allowed me to get full access to many services.
At first, I opened Shodan and searched for:
I browsed some servers, but I didn’t find anything interesting, until I found this server, and let’s call it x.x.x.x. When I ran ffuf on it, I found “logs” as an exposed endpoint. So I opened my browser to visit this endpoint, and as expected, I found more than one folder containing log files for employees.