Berawal dari Melamar Pekerjaan dan Berakhir dengan Data-Data Krusial bocorBaru baru ini, saya secara tidak sengaja menemukan sebuah kerentanan yang menyebabkan data-data krusial seperti KTP, KK, Akta Kelahiran…Jan 10Jan 10
Mendapatkan Akses SMTP Melalui Celah SQL InjectionSaya menemukan celah keamanan ini pada website kampus saya, yang menggunakan aplikasi pihak ketiga (vendor) untuk sistem e-learning…Sep 24, 20241Sep 24, 20241
IDOR and Mass Assignment attacks leads to Full Account Takeover of Internal EmployeesHi everyone, I hope you are doing well. It’s been a while since I last published an article about my findings. In this article, I will…Sep 30, 2023Sep 30, 2023
How I was able to buy a product for free — $$$Hi everyone, I hope you are good. It’s been a long time I haven’t write again. So in this article I will share about my finding..Jan 31, 20221Jan 31, 20221
Chaining Open Redirect with XSS to Account TakeoverHello everyone, I hope you are well. In this article I will show you how I escalated XSS to Account Takeover. Since the target is private…Jul 29, 2021Jul 29, 2021
How To Find Original IP behind Cloudflare and Bypassed the WAF by CloudflareHello everyone, I hope you are good. Based on the title, in this article I will share “How To Find Original IP behind Cloudflare” and…Jul 12, 2021Jul 12, 2021
Bypass WAF 403 Forbidden lead to Cross Site Scripting (XSS)Hello everyone, in this article I will share “How I Bypassed WAF” to chaining a Relfected XSS.May 5, 20214May 5, 20214
Bug Bounty : Open Redirect pada web E-commerce IndonesiaHai, ini pertama kalinya saya menulis write-up jadi mohon maaf jika tulisan saya kurang dimengerti, pada tulisan ini saya akan share…Sep 21, 2020Sep 21, 2020