Hi all, in this story I will talk about several misconfigurations that I found related to Amazon S3 buckets.

Also I will mention some tricks and tools that will help you to find this type of vulnerability.

First, before using any other tools, you have to install…


Hi everyone, today I will talk about an IDOR vulnerability that I found in an insurance company that leaks the medical insurance documents of nearly 100,000 customers.

One day, I applied for a visa to travel to Saudi Arabia, and among the requirements for obtaining a visa is to obtain…


Hi everyone, today I’m gonna talk about a vulnerability that I found in Google. In fact, when I sent the report to Google, it wasn’t a vulnerability, but I will tell you how I escalated the risk and bypassed the rate limit.

At first, I browsed Google Drive looking for feature…


Hi all, today I will talk about the first vulnerability I found. At that time, I knew little about information security, so I was not doing scans or anything like that. I used to use the application as a normal user, but curiosity pushed me to find this vulnerability.

One…


Hi everyone, today I’m gonna talk about a vulnerability that I found in IBM that allowed me to get full access to many services.

At first, I opened Shodan and searched for: Org:'ibm' tomcat

I browsed some servers, but I didn’t find anything interesting, until I found this server and…
