PinnedPublished inInfoSec Write-upsA short story of Content Spoofing to HTML Injection in Apple using Dangling Markup InjectionContent Spoofing to HTML Injection in Apple. During the recon phase, I found itunesconnect.apple.com, subdomain of apple and after diggingOct 3, 20211Oct 3, 20211
Stored XSS in Google connected Apps EML, MHT Viewer with DriveThis is the story about a live bug that is still there with Google connected App EML, MHT Viewer with Drive. The motive for this blog is…Dec 12, 2020Dec 12, 2020
Web Application Security Assessment using Burp Community Edition | Part — 3| Audit Guidelines |…Account Takeover via Forgot Password — A Practical Attack Scenario of Host Header InjectionJun 28, 2020Jun 28, 2020
Web Application Security Assessment using Burp Community Edition | Part — 2| Audit Guidelines |…The blog [Part-2] basically covers how to check the web application vulnerability with Burp Community Edition. This blog will be very…Nov 30, 2019Nov 30, 2019
Web Application Security Assessment using Burp Community Edition | Part — 1 | Audit Guidelines |…The blog basically covers how to check to web application vulnerability with Burp Community Edition. This blog will be very helpful while…Nov 17, 2019Nov 17, 2019
Text Based Injection | Content Spoofing | Low Impact Common Web VulnerabilityText Based Injection: Text injection or Text-Based Injection(TBI) is an injection in which user input is reflected as it is in the…Nov 13, 20191Nov 13, 20191
Microsoft Bot Framework — Unvalidated File Upload | Online Service AcknowledgementsMicrosoft Bot Unvalidated File Upload: The security issue allows a malicious actor to upload any file without validating the extension or…Oct 15, 2019Oct 15, 2019
Google owned Blogger- Insecure Implementation of Request Limiter | Google Honourable Mentions |…Acknowledgment: Google Honourable Mentions (https://bughunter.withgoogle.com/rank/hm/8)May 7, 2019May 7, 2019