Hey everyone! This bypass is little bit interesting and you will get to learn a lot hopefully. So I was going through this website which actually deals with teacher’s login and education stuff (Government website). Let’s call this website “example.com”.

I would love to call them Frauds instead of hackers because they are using cheap social engineering tricks to manipulate naïve people and taking over their account. I’m damn sure that you all have encountered frauds over the internet. I have recently encountered one of the scenario which I would…

Hey Everyone! This is about another low-hanging fruit (I’m still not a pro) in one of the web applications listed by OpenBugbounty. For those of you who don’t know about OpenBugBounty, it is a responsible disclosure platform that allows independent security researchers to report XSS and similar security vulnerabilities on…

Hey Everyone! This is my second write-up and I have successfully caught another low-hanging fruit in one of the prominent online reseller’s web applications (Cannot disclose the name of the website, the issue is not resolved yet). I was exploring this web application manually which is running a self-hosted vulnerability…

Hey Everyone! I have recently started my vulnerability disclosure journey and this is my first write-up (many more to come. PS: Pray for me ). Instead of directly jumping into Bug bounty platforms I was looking for targets (Mostly the low hanging fruits to boost my confidence) through google dorks…

When it comes to data security, every minor detail is considered to be very important. In our daily life, we may be following some guidelines to protect our Digital private information on the various online platforms but the same awareness has faded away when it comes to the security of…

When it comes to the digital era, you are nothing but a unique collection of data. Every mobile application, social platform, or any digital and physical authority will recognize you only by the collection of data you present in front of them. Now imagine if someone else replicated a similar…

Do you want to test your locally hosted web server on the Internet without buying any public IP or Domain name ? NGROK is an application that enables you to expose your localhost server as a subdomain of ngrok.com without even registering for any Domain name. In simple words you…

Alluring the victims with the fake monetary honeypot is the infamous way of Phishing. I am sure that most of you have already encountered the messages and E-mails as shown in the screenshot (Figure 1). Human error is the major factor behind the success of these fraudulent efforts. The fire…