rashahacks

jsmon-cli - Enhanced Security Tooling for JavaScript (jsmon.sh)

A fast and convenient tool (API client) for your JS security tasks, powered by jsmon.sh. What is jsmon-cli? A command-line interface designed to act as an API client for jsmon.sh. Most of what you can do in the web app can also be done via jsmon-cli. It calls

How I Got Multiple Privilege Escalations - The Easy Trick?

Hello hackers! Today, I'll describe a way through which I got multiple privilege escalations. Background: It's a vast application with tenants and user roles. To test basic privilege escalations first, I created two accounts: an admin user and a least-privilege user. The least-privilege user is the user with zero permissions or

Soft Deletion of Resources - [Privacy Violation]

Introduction: Soft deletion is the process of marking an entry as removed without actually removing it from the database. Is it GDPR compliant? No. As per GDPR (General Data Protection Regulation), personal data must be protected against unauthorized access and unlawful processing. I am Inderjeet Singh aka encodedguy,

API Excessive Data Exposure: Why Devs? Why?

API Excessive Data Exposure: When an API returns more data to the client than required, it is called API Excessive Data Exposure. In layman's terms, the client wants x but the API sends x+y. Is x+y a bug? I am not saying x+y is a bug, but it

5500$ Bug Story - Ezzy 2FA Bypass

Summary: A payment application requires 2FA verification via both your phone number and email when editing user details, including name, email or phone number. I found an easy bypass for the implemented 2FA flow through which an attacker can edit the user details without access to the victim's phone/email, which finally leads

rashahacks © 2026