rashahacks

Bypassing Okta SSO=> HTTPS/HTTP

Summary: When doing recon on Yahoo assets during Hackerone AWC 2023, I found a host foo.bar.yahoo.com. I thought it must be some internal tool for engineers; a few pages are listed, but clicking on any of the pages redirects to Okta SSO. I found a bug during black

Pwning Admin Panel To Change Movie Ticket Prices at Disney

Summary: This bug allowed me to access a Management Information System Portal by bruteforcing common passwords. The admin panel allows changing theatre names, theatre status, changing ticket prices, user management, viewing system logs, etc. in South Asian countries. Reproduction Steps: 1. Find all the ASNs owned by The Walt Disney

The Impact of XSS on SEO and Website Reputation: Strategies for Recovery and Prevention

Introduction: In today's interconnected digital landscape, websites play a crucial role in establishing an online presence and attracting visitors. However, the growing threat of Cross-Site Scripting (XSS) attacks poses a significant risk to both search engine optimization (SEO) efforts and website reputation. In this blog post, we will explore how

Slides: GraphQL Hacking

Changing Others Profile Pic with IDOR

Hi folks! Hope you are doing great. This is Aravind (aravind0x7) here with an awesome write-up. I will discuss one of my past findings on target.com (can’t reveal the site here) where I was able to change the profile picture of any user of that website by just

rashahacks © 2026