bug hunting

Full Local File Read via Error Based XXE using XLIFF File

SSRF in PDF Renderer using SVG

From Git Folder Disclosure to Remote Code Execution

From Unvalidated Redirect and Parameter Tampering to Account Takeover

How I accidentally found Bug in Google Search Console

XSS to Account Takeover - Bypassing CSRF Header Protection and HTTPOnly Cookie

Exploiting Cookie Based XSS by Finding RCE

AWS Metadata Disclosure via "Hardcoded Host" Download Function

Reflected XSS on Error Page

How I Found Multiple Vulnerabilities on AntiHack.Me

Blind XSS on Internal Panel Tokopedia (Bahasa)