Category Uncategorized

Vertical Privilege escalation

What is Vertical Privilege escalation? If a user can gain access to functionality that they are not permitted to access, then this is vertical privilege escalation. For example, if a non-administrative user can in fact gain access to an admin page…

How I was able to get extra coins

What is Frida? It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Frida also provides you with some simple tools built…

Banning users Race condition

What is a race condition? Multiple resources trying to access the same resource. For example: you are booking a train ticket online and only a single seat (assume seat no. 5) is there. Now you book a ticket for…

Account takeover CSRF Misconfiguration

What is CSRF? Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the…

Using P3 Bug to escalate other P4 to P3

What is Sensitive Data Exposure? Sensitive Data Exposure occurs when an application does not adequately protect sensitive information. The data can vary, and anything from passwords, email IDs, session tokens, and credit card data to private health data and more can be…

API key

What is an API key? An application programming interface (API) key is a unique identifier used to authenticate a user, developer, or calling program to an API. However, they are typically used to authenticate a project with the API rather than a human…