Categories
Uncategorized

banning users Race condition

What is race condition ? Multiple resources trying to access same resource. example: you are booking a train ticket online and only a single seat ( assume seat no:5 ) is there. now you book a ticket for that seat and at the same time some other person from the different locations also booking the […]

Categories
Uncategorized

INCREASING REWARD POINTS N NUMBER OF TIME

BUG: BUSINESS LOGIC Case Study As this was a private program all illustrations of vulnerabilities will be represented with the host as example.com The application is built to play Quiz and win reward points that can be used as money to play Quiz example: 10 reward points = 1 Rs to play a quiz you […]

Categories
Uncategorized

API key

What is API? An application programming interface key is a unique identifier used to authenticate a user, developer, or calling program to an API. However, they are typically used to authenticate a project with the API rather than a human user. Where to find? 1: Source code : Right click on web_application –> inspect element […]

Categories
Uncategorized

Tail of IDOR

What is IDOR? when a reference to an internal implementation object, such as a file or database key, is exposed to users without any other access control. In such cases, the attacker can manipulate those references to get access to unauthorized data. Case Study As this was a private program all illustrations of vulnerabilities will […]

Categories
Uncategorized

Using P3 Bug to escalate other P4 to P3

What is Sensitive Data Exposure? Sensitive Data Exposure occurs when an application does not adequately protect sensitive information. The data can vary and anything from passwords, Email-id, session tokens, credit card data to private health data and more can be exposed. Case Study As this was a private program all illustrations of vulnerabilities will be […]

Categories
Uncategorized

How I was Able To Bypass Email Verification

Case Study As this was a private program all illustrations of vulnerabilities will be represented with the host as example.com The application had a Registration page where a user could register a new Email-id and password which allowed him to log in to the application via the login page. Registration process Enter email-id and password […]