Mahmoud Hamed
How Disabling 2FA Could End with a Bug?
In 2023, I focused on hunting on HackerOne and found many logical flaws, resulting in achieving the 5th rank in the HackerOne program for…
Oct 81

Mahmoud Hamed
XSS + OAuth Misconfigs = Token Theft and ATO
Hi all, In this blog post, I will walk through finding an ATO via OAuth misconfigurations and stealing Auth Tokens through collaborative…
Sep 301

Mahmoud Hamed
How I Got $5,000 for Out-of-Scope XSS
A few months ago, I received an invitation to a private bug bounty program on HackerOne. Initially, I did my usual testing and I discovered…
Feb 2413

Mahmoud Hamed
Turning Self-XSS to Exploitable XSS
In this write-up, I will explain two cases of Self-XSS where I managed to escalate them into something impactful. Let’s jump right into the…
Sep 25, 20235