mastomi Pentester • Bug Hunter • Security Enthusiast Just another noob post.

Full Local File Read via Error Based XXE using XLIFF File

I like finding bugs in apps that have a lot of features. The more complex the application, the more likely there are bugs in it.

SSRF in PDF Renderer using SVG

I had the opportunity to do Bug Hunting activities in one of the Private Programs at Bugcrowd. In this program, there is a complex application with various features. One of the highlights is converting objects to PDF, JPG, PNG files from SVG.

From Git Folder Disclosure to Remote Code Execution

A few moments ago I did Bug Hunting activities in one of the Private Programs at Bugcrowd. As usual, the hunting process begins with Recon and Enumeration. The hunting process is carried out on this target in Blackbox. No credentials are provided, and the app's front page is just a login page.

From Unvalidated Redirect and Parameter Tampering to Account Takeover

In this simple write-up, I would like to tell how I found an Account Takeover vulnerability with a unique method. There's no special or unique bypass thing. Just try to find another exploitation way.

How I accidentally found Bug in Google Search Console

In this simple write-up, I would like to tell how I found an Access Control bug in the Google Search Console application, where I can get information related to the domain that I added to the application even though I did not successfully verify the domain.

XSS to Account Takeover - Bypassing CSRF Header Protection and HTTPOnly Cookie

When bug hunting and finding a Stored XSS bug, the thought of getting a big enough bounty usually starts spinning around in our head. But sometimes that thought fades when we try to insert document.cookie into the XSS payload, and what appears is..

Exploiting Cookie Based XSS by Finding RCE

While doing Bug Bounty Hunting, I found a Cookie Based XSS Vulnerability on a website. Cookie Based XSS is basically a Self XSS. It would be very unfortunate if the finding were reported and only rated Very Low Severity, a severity for which no Bounty or Points are given.

AWS Metadata Disclosure via "Hardcoded Host" Download Function

Sometimes, when visiting a website, we find a link to download files from that site. The downloaded file can be a guide, tutorial, or another document.

Reflected XSS on Error Page

Sometimes, to exploit an XSS (specifically Reflected XSS), we focus on finding input pages such as Search Columns, etc., to find out whether that form has an XSS vulnerability or not.

How I Found Multiple Vulnerabilities on AntiHack.Me

AntiHack.Me is a Singaporean Bug Bounty Platform site. After seeing that this platform is well known, I decided to create an account there. After successfully creating an account, the user is provided with information regarding the Bug Bounty Programs found at AntiHack, and the AntiHack site itself is included in the program.

Blind XSS on Internal Panel Tokopedia (Bahasa)

Lately I have been focusing on studying a type of XSS vulnerability called Blind XSS. This XSS vulnerability is interesting because, unlike typical XSS, the submitted payload executes on a different page.