Welcome!
I created this site as a way to document my bug bounty journey in the form of blogs. I hope they’re helpful and informative. 🙂 Happy hacking!
-
Error-Based SQLi
This has been my favorite (and most rewarding) bug since I started my bug bounty journey. I was hacking on a private program testing for SQL injection on API endpoints that contained some data value in the URL (like /api/user/1234). I was fuzzing the value with typical characters you would use to test for SQLi…
-
IDOR Exposing PII
I was testing on a private program when I came across several endpoints that utilized a customer ID to retrieve information about that user’s account. I was going through each one testing for IDOR and not having any luck. The server was doing proper authorization checks and denying me access to other accounts’ data. I…