Pinned · Monish Basaniwal · Hacking cult.fit for unlimited free Gym sessions · Navigating the Race Conditions and Payload Manipulation Exploits in Cult.fit’s Gym Trial System · 4 min read · Nov 13, 2023
Pinned · Monish Basaniwal · Hacking India’s Biggest Fintech Provider With a Simple IDOR · Unveiling the Threat of IDOR Vulnerabilities By Hacking a Fintech Provider Ethically · 3 min read · Aug 25, 2023
Monish Basaniwal · Cancelling everyone’s CultSport orders with IDOR · What if someone was able to cancel all the orders you placed? This write-up lists the details of an IDOR vulnerability within Cult Fit’s… · 3 min read · Nov 29, 2023
Monish Basaniwal · Hacking Bigbasket Ethically For Free Groceries · Who doesn’t love free groceries? In this write-up, I will be discussing a cart tampering vulnerability that I discovered in the popular… · 3 min read · Dec 31, 2022
Monish Basaniwal · The Million Dollar Hack 💰 · Hacking a leading gift card company with a simple IDOR + Race condition · 6 min read · Aug 27, 2022
Monish Basaniwal · Open Redirect Vulnerability On Zapier: An Accidental Find · Open Redirect Vulnerabilities have been around for a long time now, finding one can either be extremely easy, or at the same time can be… · 2 min read · Nov 21, 2021
Monish Basaniwal · Trusting Pre-domain Wildcard as Origin CSRF Attack — Devfolio · Cross Site Request Forgery (CSRF) attacks are the most common vulnerabilities on the web today, naturally they make their way into the… · 3 min read · Aug 22, 2021
Monish Basaniwal · How I found my first Subdomain Takeover vulnerability · About the vulnerability · 4 min read · Aug 20, 2021