PinnedXSS + OAuth Misconfigs = Token Theft and ATO
Hi all, in this blog post, I will walk through finding an ATO via OAuth misconfigurations and stealing Auth Tokens through collaborative…
Sep 30, 2024

How Disabling 2FA Could End with a Bug?
In 2023, I focused on hunting on HackerOne and found many logical flaws, resulting in achieving the 5th rank in the HackerOne program for…
Oct 8, 2024

How I Got $5,000 for Out-of-Scope XSS
A few months ago, I received an invitation to a private bug bounty program on HackerOne. Initially, I did my usual testing and I discovered…
Feb 24, 2024