Open in app
Home
Notifications
Lists
Stories

Write
Vaibhav Kumar Srivastava
Vaibhav Kumar Srivastava

Home

Jun 26

Bypassing Cloudflare WAF with Host header manipulation

Hey Folks! Thanks for your responses on my last blog. Let’s learn something new today as it is going to be damn interesting one. If you have been into web application Pentesting you must have encountered or got stopped by Cloudflare for sure. Cloudflare secures and ensures the reliability of…

Bug Bounty

3 min read

Bypassing Cloudflare WAF with Host header manipulation
Bypassing Cloudflare WAF with Host header manipulation

Jun 19

Account Takeover by OTP bypass

Hey everyone! This bypass is little bit interesting and you will get to learn a lot hopefully. So I was going through this website which actually deals with teacher’s login and education stuff (Government website). Let’s call this website “example.com”.

Bug Bounty

3 min read

Account Takeover by OTP bypass
Account Takeover by OTP bypass

Jun 18

Frauds on Instagram (Part 1)

I would love to call them Frauds instead of hackers because they are using cheap social engineering tricks to manipulate naïve people and taking over their account. I’m damn sure that you all have encountered frauds over the internet. I have recently encountered one of the scenario which I would…

Instagram

4 min read

Frauds on Instagram (Part 1)
Frauds on Instagram (Part 1)

Jan 16

Bug Type: HTML injection in confirmation Email !

Hey Everyone! This is about another low-hanging fruit (I’m still not a pro) in one of the web applications listed by OpenBugbounty. For those of you who don’t know about OpenBugBounty, it is a responsible disclosure platform that allows independent security researchers to report XSS and similar security vulnerabilities on…

Cybersecurity

3 min read

Bug Type: HTML injection in confirmation Email !
Bug Type: HTML injection in confirmation Email !

Dec 3, 2021

Bug type: Stored Cross Site Scripting (XSS) and HTML Injection — Part 2

Hey Everyone! This is my second write-up and I have successfully caught another low-hanging fruit in one of the prominent online reseller’s web applications (Cannot disclose the name of the website, the issue is not resolved yet). I was exploring this web application manually which is running a self-hosted vulnerability…

Bug Bounty

2 min read

Bug type: Stored Cross Site Scripting (XSS) and HTML Injection — Part 2
Bug type: Stored Cross Site Scripting (XSS) and HTML Injection — Part 2

Nov 27, 2021

Bug type: Stored Cross Site Scripting (XSS) and HTML Injection.

Hey Everyone! I have recently started my vulnerability disclosure journey and this is my first write-up (many more to come. PS: Pray for me ). Instead of directly jumping into Bug bounty platforms I was looking for targets (Mostly the low hanging fruits to boost my confidence) through google dorks…

Bug Bounty

3 min read

Bug type: Stored Cross Site Scripting (XSS) and HTML Injection.
Bug type: Stored Cross Site Scripting (XSS) and HTML Injection.

May 12, 2021

Order Receipt: Gateway to Phishing

When it comes to data security, every minor detail is considered to be very important. In our daily life, we may be following some guidelines to protect our Digital private information on the various online platforms but the same awareness has faded away when it comes to the security of…

Cybersecurity

2 min read

Order Receipt: Gateway to Phishing
Order Receipt: Gateway to Phishing

Mar 25, 2021

Photocopy or Identity theft ??

When it comes to the digital era, you are nothing but a unique collection of data. Every mobile application, social platform, or any digital and physical authority will recognize you only by the collection of data you present in front of them. Now imagine if someone else replicated a similar…

Identity

3 min read

Photocopy or Identity theft ??
Photocopy or Identity theft ??

Feb 26, 2021

NGROK: Secure Tunnel to Localhost

Do you want to test your locally hosted web server on the Internet without buying any public IP or Domain name ? NGROK is an application that enables you to expose your localhost server as a subdomain of ngrok.com without even registering for any Domain name. In simple words you…

Ngrok

5 min read

NGROK: Secure Tunnel to Localhost
NGROK: Secure Tunnel to Localhost

Feb 18, 2021

Scam Investigation: Fraud Bank Text Message || Human Error

Alluring the victims with the fake monetary honeypot is the infamous way of Phishing. I am sure that most of you have already encountered the messages and E-mails as shown in the screenshot (Figure 1). Human error is the major factor behind the success of these fraudulent efforts. The fire…

Scam

4 min read

Scam Investigation: Fraud Bank Text Message || Human Error
Scam Investigation: Fraud Bank Text Message || Human Error
Vaibhav Kumar Srivastava

Vaibhav Kumar Srivastava

ERP Expert | Masters in Information Security

Following
  • Thexssrat

    Thexssrat

  • Vickie Li

    Vickie Li

  • Cristian Cornea

    Cristian Cornea

  • vFlexo

    vFlexo

  • Jai Sharma

    Jai Sharma

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable