Git Exposure: How a Simple Oversight Led to a Critical Security Flaw (pinned)
In my recent exploration of web applications, I came across a significant security issue that I believe deserves attention. This discovery involved a popular application responsible for managing various user services. While I can't divulge the applic...
Aug 12, 2024 · 2 min read

Paytm's Broken Link Flaw
Hello Everyone, I hope you all are doing well. This write-up is about the Paytm Broken Link Hijacking Vulnerability. Broken Link Hijacking (BLH) is a web-based attack where the attackers take over expired, stale, and invalid external links on cre...
Jan 28, 2022 · 2 min read

Peering into Grofers' Grafana: My Shodan Encounter
Hello People! After a long time, I found one interesting bug in Grofers using a simple Shodan search. The vulnerability could have allowed an attacker to access the internal API monitoring dashboard of Grofers. This is my 2nd report to the Grofers Sec...
Sep 8, 2021 · 2 min read

Unlocking Dunzo's Internal Dashboard
Hello Everyone! This write-up is about Dunzo's Sensitive Information Disclosure Vulnerability. The vulnerability could have allowed an attacker to access the internal monitoring dashboard of Dunzo. Subdomain Enumeration: I started with subdomain enum...
Feb 20, 2021 · 1 min read

Uncovering XSS on Flipkart
Hello Everyone… I hope you all are doing well. This write-up is about Flipkart's Cross-site scripting Vulnerability. Cross-site scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into ot...
Feb 13, 2021 · 2 min read

Decrypting Bigbasket's Insecure Storage
Hello Everyone! This is my first write-up. I am Lohith Gowda M (Security Engineer). Due to COVID-19, most of the employees got the work-from-home option. It helped me to learn something new in Bug Bounty. I started my bug bounty journey in June 2020....
Feb 8, 2021 · 4 min read