Mendapatkan Akses SMTP Melalui Celah SQL InjectionSaya menemukan celah keamanan ini pada website kampus saya, yang menggunakan aplikasi pihak ketiga (vendor) untuk sistem e-learning…Sep 241Sep 241
IDOR and Mass Assignment attacks leads to Full Account Takeover of Internal EmployeesHi everyone, I hope you are doing well. It’s been a while since I last published an article about my findings. In this article, I will…Sep 30, 2023Sep 30, 2023
How I was able to buy a product for free — $$$Hi everyone, I hope you are good. It’s been a long time I haven’t write again. So in this article I will share about my finding..Jan 31, 20221Jan 31, 20221
Chaining Open Redirect with XSS to Account TakeoverHello everyone, I hope you are well. In this article I will show you how I escalated XSS to Account Takeover. Since the target is private…Jul 29, 2021Jul 29, 2021
How To Find Original IP behind Cloudflare and Bypassed the WAF by CloudflareHello everyone, I hope you are good. Based on the title, in this article I will share “How To Find Original IP behind Cloudflare” and…Jul 12, 2021Jul 12, 2021
Bypass WAF 403 Forbidden lead to Cross Site Scripting (XSS)Hello everyone, in this article I will share “How I Bypassed WAF” to chaining a Relfected XSS.May 5, 20214May 5, 20214
Bug Bounty : Open Redirect pada web E-commerce IndonesiaHai, ini pertama kalinya saya menulis write-up jadi mohon maaf jika tulisan saya kurang dimengerti, pada tulisan ini saya akan share…Sep 21, 2020Sep 21, 2020