How I Found X-Forwarded Header Injection — Server Be Like, ‘Ab Toh Trust Issues Ho Rahe Hain!’ 😂
A fun and insightful story about finding a redirect vulnerability and SSRF caused by improper validation of X-Forwarded-* headers.
How I Found and Fixed XSS on a Website: A Bug Hunter’s Tale
The story of how I discovered an XSS vulnerability, crafted payloads to demonstrate redirection, and helped the site patch it.
Another XSS Exploit: SVG onload Attack
A deep dive into SVG onload XSS payloads and how to prevent them.
Multiple Sensitive Data Leaks — A Deep Dive
A deep dive into publicly exposed files, their impact, and remediation steps.
How I Found a Confidential Business Agreement on Wayback Machine
A surprising discovery of a sensitive business contract hidden in archived web pages.
How I Hacked an E-Commerce Website & Found XSS
A fun story of finding XSS and HTML injection on an e-commerce site, with crafted payloads and GIF reactions.
🧠 XML-RPC Open, phpinfo() Public — But They Came to Hire from My College 💀
Open XML-RPC, phpinfo leak, directory listing — all on a company that came to recruit at my college.
☕ How I Redirected the Entire Startup to evil.com — With One Header
One X-Forwarded-Host header redirected an entire SaaS platform to evil.com. No WAF, no questions asked.
🛰️ So… I Made a Server Call Me Back. Unauthenticated SSRF via XML‑RPC
Exploiting pingback.ping on XML-RPC for unauthenticated SSRF — the server literally called me back.
🔐 How I Found Facebook and Google API Keys Hardcoded in an Android App
Hardcoded secrets in APKs are more common than you think. A deep dive into reverse engineering and security best practices.
☕ My First Critical Bug: Account Takeover with Just One Tiny Letter
How one tiny Unicode character opened the door to a full account takeover. A story of email normalization gone wrong.
How an OAuth Misconfiguration Led to Account Takeover
Missing email verification turned a standard OAuth flow into a critical account pre-hijacking vector.
The day Wayback pointed me to an admin panel — and why scope still wins
Finding an unauthenticated admin panel via archived URLs, and a lesson on bug bounty scope vs. technical impact.
How I Accidentally Found a ‘Cache Magic Trick’ — aka Unauthenticated PURGE on Varnish
A deep dive into discovering an unauthenticated cache purge vulnerability, the potential impact (DoS, Latency), and how to fix it.
Run Claude Code for Free Using NVIDIA NIM
A comprehensive guide on running Claude Code locally for free using an NVIDIA NIM backend API server.