So in December I decided to hunt on Facebook, and chose to go with the Facebook Android App I was analyzing the Facebook app’s password recovery flow. I noticed that the following endpoint was being used. When a user enters his email/phone number his email is supplied in the following…

I love hunting on small scoped websites cause i can be assured that i have seen every corner and analyzed every endpoint of the that website Program had 2 scopes. target.com and admin.target.com Now, since the website had not provided any credentials for admin.target.com …

Like every website, the most interesting endpoint is always the image upload section. So I fired my burp and was checking how the images are getting stored. First thing i noticed was the image was uploaded in aws.So as always i checked for misconfigured aws for read/write access. …

This was one of the interesting bug that i found on a target. The vulnerability lied in the website’s password reset page. In order to reset the password an user required two things.(his username and his email) It was a OTP based password reset mechanism. There were 3 steps to…