Pinned: Monish Basaniwal | Hacking cult.fit for unlimited free Gym sessions | Navigating the Race Conditions and Payload Manipulation Exploits in Cult.fit’s Gym Trial System | Nov 13, 2023
Pinned: Monish Basaniwal | Hacking India’s Biggest Fintech Provider With a Simple IDOR | Unveiling the Threat of IDOR Vulnerabilities By Hacking a Fintech Provider Ethically | Aug 25, 2023
Monish Basaniwal | Cancelling everyone’s CultSport orders with IDOR | What if someone was able to cancel all the orders you placed? This write-up lists the details of an IDOR vulnerability within Cult Fit’s… | Nov 29, 2023
Monish Basaniwal | Hacking Bigbasket Ethically For Free Groceries | Who doesn’t love free groceries? In this write-up, I will be discussing a cart tampering vulnerability that I discovered in the popular… | Dec 31, 2022
Monish Basaniwal | The Million Dollar Hack 💰 | Hacking a leading gift card company with a simple IDOR + Race condition | Aug 27, 2022
Monish Basaniwal | Open Redirect Vulnerability On Zapier: An Accidental Find | Open Redirect Vulnerabilities have been around for a long time now, finding one can either be extremely easy, or at the same time can be… | Nov 21, 2021
Monish Basaniwal | Trusting Pre-domain Wildcard as Origin CSRF Attack — Devfolio | Cross Site Request Forgery (CSRF) attacks are the most common vulnerabilities on the web today, naturally they make their way into the… | Aug 22, 2021
Monish Basaniwal | How I found my first Subdomain Takeover vulnerability | About the vulnerability | Aug 20, 2021