IDOR in Google APIs

Reported to Google – Published On: 10 Jun 2020

Read Full Writeup

Reflected XSS in Microsoft Social Forums

Reported to Microsoft – Published On: 11 Apr 2020

Read Full Writeup

Broken Authentication in Two Step Verification

Reported to Avira – Published On: 08 Nov 2019

Read Full Writeup

Viewing Facebook Contacts On Locked Device

Reported to Facebook – Published On: 31 Oct 2019

Read Full Writeup

Abusing Post Service (Create Unlimited Posts)

Reported to LinkedIn  – Published On: 15 Oct 2019

Read Full Writeup

IDOR & SQL Query Manipulation to Fetch User Details

Reported to Private – Published On: 23 Oct 2020

Read Full Writeup

Open Redirect

Reported to Private – Published On: 14 Jul 2020

Read Full Writeup

Crashing Chat Bot System

Reported to Maximum – Published On: 21 Aug 2020

Read Full Writeup

Bypass CSRF Protection Lead to Account Takeover

Reported to Private – Published On: 30 May 2020

Read Full Writeup

XSS on Change Folder Name

Reported to Private – Published On: 14 May 2020

Read Full Writeup

CSRF – Close Account

Reported to U.S. Dept Of Defense – Published On: June 11, 2020

Read Full Writeup

Flaw in Change Email https://youtu.be/MMvlcHIGs2A

Reported to Staging.Every.org – Published On: March 24, 2020

Read Full Writeup

CSRF – Modify Company Info

Reported to U.S. Dept Of Defense – Published On: June 11, 2020

Read Full Writeup

CSRF – Modify Project Settings

Reported to U.S. Dept Of Defense – Published On: February 3, 2020

Read Full Writeup

Internal IP Address Disclosed

Reported to U.S. Dept Of Defense – Published On: May 14, 2020

Read Full Writeup