PinnedXSS + OAuth Misconfigs = Token Theft and ATOHi all, In this blog post, I will walk through finding an ATO via OAuth misconfigurations and stealing Auth Tokens through collaborative…Sep 30, 20245Sep 30, 20245
How Disabling 2FA Could End with a Bug?In 2023, I focused on hunting on HackerOne and found many logical flaws, resulting in achieving the 5th rank in the HackerOne program for…Oct 8, 20243Oct 8, 20243
How I Got $5,000 for Out-of-Scope XSSA few months ago, I received an invitation to a private bug bounty program on HackerOne. Initially, I did my usual testing and I discovered…Feb 24, 202414Feb 24, 202414
