Hacking cult.fit for unlimited free Gym sessions - Navigating the Race Conditions and Payload Manipulation Exploits in Cult.fit’s Gym Trial System - Nov 13, 2023
Hacking India’s Biggest Fintech Provider With a Simple IDOR - Unveiling the Threat of IDOR Vulnerabilities By Hacking a Fintech Provider Ethically - Aug 25, 2023
Cancelling everyone’s CultSport orders with IDOR - What if someone was able to cancel all the orders you placed? This write-up lists the details of an IDOR vulnerability within Cult Fit’s… - Nov 29, 2023
Hacking Bigbasket Ethically For Free Groceries - Who doesn’t love free groceries? In this write-up, I will be discussing a cart tampering vulnerability that I discovered in the popular… - Dec 31, 2022
The Million Dollar Hack 💰 - Hacking a leading gift card company with a simple IDOR + Race condition - Aug 27, 2022
Open Redirect Vulnerability On Zapier: An Accidental Find - Open Redirect Vulnerabilities have been around for a long time now, finding one can either be extremely easy, or at the same time can be… - Nov 21, 2021
Trusting Pre-domain Wildcard as Origin CSRF Attack — Devfolio - Cross Site Request Forgery (CSRF) attacks are the most common vulnerabilities on the web today, naturally they make their way into the… - Aug 22, 2021
How I found my first Subdomain Takeover vulnerability - About the vulnerability - Aug 20, 2021