Andmp | A blog about infosec, bug hunting and more!: bug bounty

Home
about
contact

Andmp | A blog about infosec, bug hunting and more!

"Good artists copy; great artists steal."

Just another web hacking and vulnerability research blog that details how I use existing knowledge and old ways to discover new vulns ;)

My Vulnerability Disclosure Policy
About Me
InfoSec

Breaking

Post Top Ad

Showing posts with label bug bounty. Show all posts

Saturday, 1 December 2018

How I managed to get an @Google.com email address, bypassing their previous patch!

ticket trick

Gopal Singh December 01, 2018 0

By Gopal Singh at December 01, 2018 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: bug bounty, Business logic bugs, google, google issue tracker bug, hacking, hacking google, InfoSec, security, security testing, security writeup, ticket trick

Wednesday, 28 November 2018

Escalating SSRF in a Vulnerable Jira Instance to RCE via Docker Engine API

SSRF

nullptr November 28, 2018 0

By nullptr at November 28, 2018 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: bug bounty, hacking, penetration testing, Reddit, security testing, SSRF

Older Posts Home

Post Bottom Ad

About Author

A Security Researcher and Bug Hunter based in India.

Author

Socialize

facebook count=3.5k;
Followers
twitter count=3.3k;
Followers
gplus count=735;
Followers
youtube count=2.8k;
Followers
pinterest count=524;
Followers
instagram count=849;
Followers

Blog Archive

▼ 2019 (7)
- ▼ May (1)
  - [Advisory] Unpatched URL Address Bar Spoofing Vuln...
- ► April (5)
- ► March (1)

► 2018 (5)
- ► December (1)
- ► November (1)
- ► August (1)
- ► February (1)
- ► January (1)

► 2017 (1)
- ► April (1)

Menu - Pages

Home

Recent

Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?

Introduction Are Chinese device makers on purpose making their software and OS insecure for international markets? Chinese manufactur...
[Unpatched Vulnerability] CVE-2019-11015: Lock Screen Auth Bypass leading to Sensitive Information Disclosure and an Improper Access Control issue in Xiaomi MIUI OS (latest stable releases affected)

So, as promised on Twitter, the wait ends, new security vulnerability full disclosure in Xiaomi! MiSRC team accepted and confirme...
[Advisory] Unpatched URL Address Bar Spoofing Vulnerability in UC Browser 12.11.2.1184 and UC Browser Mini 12.10.1.1192: With the same old one-liner payload...

Brief I discovered an URL Address Bar spoofing vulnerability in the latest version of the UC Browser 12.11.2.1184 and UC Browser Mini ...
This is how (easily) Indiamart gave away access to their Internal corporate secrets and Dev Instances

I tried to reach out to the IndiaMart folks regarding the security issues I found there but sadly didn't find a proper channel to repo...
The case of an unusual $10k worth content-based Blind SQLi in a Private Program

Blind SQL (Structured Query Language) injection is a type of SQL Injection attack that asks the database true or false questions and de...

Comments

Sponsor

Technology

Connect With us

34.2k likes

28.6k followers

8.6k subscribers

17.3k followers

About Me

An independent security researcher.
Learn More →

Contact Form

Name

Email *

Message *