Rishu Ranjan in InfoSec Write-ups
A short story of Content Spoofing to HTML Injection in Apple using Dangling Markup Injection
Content Spoofing to HTML Injection in Apple. During the recon phase, I found itunesconnect.apple.com, subdomain of apple and after digging
3 min read · Oct 3, 2021

Rishu Ranjan
Stored XSS in Google connected Apps EML, MHT Viewer with Drive
This is the story about a live bug that is still there with Google connected App EML, MHT Viewer with Drive. The motive for this blog is…
2 min read · Dec 12, 2020

Rishu Ranjan
Web Application Security Assessment using Burp Community Edition | Part — 3 | Audit Guidelines |…
Account Takeover via Forgot Password — A Practical Attack Scenario of Host Header Injection
2 min read · Jun 28, 2020

Rishu Ranjan
Web Application Security Assessment using Burp Community Edition | Part — 2 | Audit Guidelines |…
The blog [Part-2] basically covers how to check the web application vulnerability with Burp Community Edition. This blog will be very…
2 min read · Nov 30, 2019

Rishu Ranjan
Web Application Security Assessment using Burp Community Edition | Part — 1 | Audit Guidelines |…
The blog basically covers how to check the web application vulnerability with Burp Community Edition. This blog will be very helpful while…
3 min read · Nov 17, 2019

Rishu Ranjan
Text Based Injection | Content Spoofing | Low Impact Common Web Vulnerability
Text Based Injection: Text injection or Text-Based Injection (TBI) is an injection in which user input is reflected as it is in the…
3 min read · Nov 13, 2019

Rishu Ranjan
Microsoft Bot Framework — Unvalidated File Upload | Online Service Acknowledgements
Microsoft Bot Unvalidated File Upload: The security issue allows a malicious actor to upload any file without validating the extension or…
4 min read · Oct 15, 2019

Rishu Ranjan
Google owned Blogger - Insecure Implementation of Request Limiter | Google Honourable Mentions |…
Acknowledgment: Google Honourable Mentions (https://bughunter.withgoogle.com/rank/hm/8)
2 min read · May 7, 2019