Pinned: Hacking Bigbasket Ethically For Free Groceries | Who doesn’t love free groceries? In this write-up, I will be discussing a cart tampering vulnerability that I discovered in the popular… | Dec 31, 2022
Pinned: Hacking cult.fit for unlimited free Gym sessions | Navigating the Race Conditions and Payload Manipulation Exploits in Cult.fit’s Gym Trial System | Nov 13, 2023
Cancelling everyone’s CultSport orders with IDOR | What if someone was able to cancel all the orders you placed? This write-up lists the details of an IDOR vulnerability within Cult Fit’s… | Nov 29, 2023
Hacking India’s Biggest Fintech Provider With a Simple IDOR | Unveiling the Threat of IDOR Vulnerabilities By Hacking a Fintech Provider Ethically | Aug 25, 2023
The Million Dollar Hack 💰 | Hacking a leading gift card company with a simple IDOR + Race condition | Aug 27, 2022
Open Redirect Vulnerability On Zapier: An Accidental Find | Open Redirect Vulnerabilities have been around for a long time now, finding one can either be extremely easy, or at the same time can be… | Nov 21, 2021
Trusting Pre-domain Wildcard as Origin CSRF Attack — Devfolio | Cross Site Request Forgery (CSRF) attacks are the most common vulnerabilities on the web today, naturally they make their way into the… | Aug 22, 2021
How I found my first Subdomain Takeover vulnerability | About the vulnerability | Aug 20, 2021