rashahacks

Binary Exploitation: 64-bit Buffer Overflow Attack

Hello security folks, before I start let me first introduce myself. I am jarvis0p, a college student in daylight and a cyber security learner during the shadows. This write-up is going to be completely beginner-friendly, a guide to performing a 64-bit buffer overflow attack. Along the way you'll learn some

API Excessive Data Exposure: Why Devs? Why?

API Excessive Data Exposure When an API sends more data in its response than the client requires, it is called API Excessive Data Exposure. In layman's terms, the client wants x but the API sends x+y. Is x+y a bug? I am not saying x+y is a bug, but it
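An added example of the x vs. x+y pattern described above, written for this page and not taken from the post or the rashahacks site. It models a profile endpoint that dumps the whole user record (x+y) next to a hardened version that projects the record through an explicit, server-side allowlist (x), and adds a checker a tester can run over any JSON response to list the field paths that exceed the documented schema. The record, field names and schema are constructed for the demo; function names such as `profile_vulnerable` and `excess_fields` are assumptions, not an API from the post.

```python
"""Excessive Data Exposure demo: vulnerable vs. hardened serialisation, plus a
response checker. Added example; all data below is constructed for the demo."""
from __future__ import annotations

from typing import Any

# Constructed sample record, as it might come back from an ORM.
USER_RECORD = {
    "id": 42,
    "username": "alice",
    "email": "alice@example.com",
    "password_hash": "$2b$12$constructed.hash.value",
    "phone": "+15555550100",
    "is_admin": False,
    "mfa_secret": "JBSWY3DPEHPK3PXP",
    "address": {"city": "Mumbai", "geo": {"lat": 19.07, "lon": 72.87}},
}

# What the public-profile client actually needs (x). A nested dict describes
# the allowed shape of a nested object; None marks a plain leaf value.
PUBLIC_PROFILE_FIELDS = {"id": None, "username": None, "address": {"city": None}}


def profile_vulnerable(record: dict[str, Any]) -> dict[str, Any]:
    """x+y: the handler returns the entire record and relies on the client
    to ignore what it does not need. Hashes, MFA secrets and admin flags
    leave the server."""
    return dict(record)


def project(record: dict[str, Any], schema: dict[str, Any]) -> dict[str, Any]:
    """Copy only the keys named in schema, recursing into nested objects."""
    out: dict[str, Any] = {}
    for key, sub in schema.items():
        if key not in record:
            continue
        value = record[key]
        if isinstance(sub, dict) and isinstance(value, dict):
            out[key] = project(value, sub)
        else:
            out[key] = value
    return out


def profile_hardened(record: dict[str, Any]) -> dict[str, Any]:
    """x: the response shape is decided server-side by an allowlist."""
    return project(record, PUBLIC_PROFILE_FIELDS)


def excess_fields(response: Any, schema: Any, path: str = "") -> list[str]:
    """Return dotted paths of every field in response that the documented
    schema does not allow. Lists apply the schema to each element; a dict
    where the schema expects a leaf is reported key by key."""
    extras: list[str] = []
    if isinstance(response, dict):
        allowed = schema if isinstance(schema, dict) else {}
        for key, value in response.items():
            here = f"{path}.{key}" if path else key
            if key not in allowed:
                extras.append(here)
            else:
                extras.extend(excess_fields(value, allowed[key], here))
    elif isinstance(response, list):
        for i, item in enumerate(response):
            extras.extend(excess_fields(item, schema, f"{path}[{i}]"))
    return extras


if __name__ == "__main__":
    leaky = profile_vulnerable(USER_RECORD)
    print("vulnerable response leaks:", excess_fields(leaky, PUBLIC_PROFILE_FIELDS))
    print("hardened response leaks:  ", excess_fields(profile_hardened(USER_RECORD),
                                                      PUBLIC_PROFILE_FIELDS))
```

The checker is the part worth keeping in a test suite: feed it a live response body and the schema from the API docs, and any non-empty result is a candidate Excessive Data Exposure finding, whether or not the extra field happens to be sensitive today.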

5500$ Bug Story - Ezzy 2FA Bypass

Summary: A payment application requires 2FA verification by both your phone number and email when editing user details, including name, email or phone number. I found an easy bypass for the implemented 2FA flow through which an attacker can edit the user details without access to the victim's phone/email, which finally leads

Default OTP: Account Takeover

Summary An attacker can log in to any account by entering their phone number and the confirmation OTP 1234. The target was not in production; 1234 must have been hardcoded or used as a default OTP. Reproduction Steps 1. Go to foo.bar.target.com and click on Login. 2. Enter your phone number.

Unmasking Scammers

A scam is a dishonest or fraudulent scheme or activity conducted by individuals or groups to deceive or defraud others for personal gain. Scams are typically designed to manipulate victims into providing money, sensitive information, or access to their assets under false pretences. Scammers employ various tactics such as false promises,

rashahacks © 2026