Git Exposure: How a Simple Oversight Led to a Critical Security Flaw
In my recent exploration of web applications, I came across a significant security issue that I believe deserves attention. This discovery involved a popular application responsible for managing various user services. While I can't divulge the applic...
Aug 12, 2024 · 2 min read

Paytm's Broken Link Flaw
Hello Everyone, I hope you all are doing well. This write-up is about the Paytm Broken Link Hijacking Vulnerability. Broken Link Hijacking (BLH) is a web-based attack where the attackers take over expired, stale, and invalid external links on cre...
Jan 28, 2022 · 2 min read

Peering into Grofers' Grafana: My Shodan Encounter
Hello People! After a long time, I found one interesting bug in Grofers using a simple Shodan search. The vulnerability could have allowed an attacker to access the internal API monitoring dashboard of Grofers. This is my 2nd report to the Grofers Sec...
Sep 8, 2021 · 2 min read

Unlocking Dunzo's Internal Dashboard
Hello Everyone! This write-up is about Dunzo's Sensitive Information Disclosure Vulnerability. The vulnerability could have allowed an attacker to access the internal monitoring dashboard of Dunzo. Subdomain Enumeration: I started with subdomain enum...
Feb 20, 2021 · 1 min read

Uncovering XSS on Flipkart
Hello Everyone... I hope you all are doing well. This write-up is about Flipkart's Cross-site scripting Vulnerability.
Cross-site scripting (XSS)
Cross-site scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into ot...
Feb 13, 2021 · 2 min read

Decrypting Bigbasket's Insecure Storage
Hello Everyone! This is my first write-up. I am Lohith Gowda M (Security Engineer). Due to COVID-19, most of the employees got the work-from-home option. It helped me to learn something new in Bug Bounty. I started my bug bounty journey in June 2020....
Feb 8, 2021 · 4 min read