Web
breaking-parse-logic-gain-access-to-Nginx-API-read-write-upstreams
Information disclosure via API misconfiguration
API Misconfiguration which leads to unauthorized access to ServiceDesk tickets
Secret Key Exposure in API Config Directory
Let’s know How I have explored the buried secrets in the Xamarin application
Exploiting Application-Level Profile Semantics (APLS)
API based IDOR to leaking Private IP addresses of 6000 businesses
Exploiting API with AuthToken
JS is l0ve ❤️ $5K for Rest API Key (by Shivam Kamboj Dattana, Medium)
How An API Misconfiguration Can Lead To Your Internal Company Data
https://blogs.ad3sh.com/2020/06/api-endpoint-leads-to-account-takeover.html
API secret key Leakage leads to disclosure of Employee’s Information
Bug Bounty: Broken API Authorization
Privilege Escalation using an API endpoint
Full Account Takeover via Changing Email And Password of any User through API Parameters
Parameter Pollution issue in API resulting in $XXX
Web Cache Deception to API endpoint attack using cached token header
How Misconfigured API leak user private information?
Abusing internal API to achieve IDOR in New Relic
Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information
Fabric.io API permission apocalypse – Privilege Escalations
[NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through the internal_api endpoint
IDOR via internal_api “users” endpoint
Restricted users can view all account invoices, payment method details, PII of the account owner through zoura_api endpoints
IDOR- Activate Mopub on different organizations- steal API token- Fabric.io
flash content type sniff vulnerability in api.slack.com, resolved
User guessing/enumeration at https://app.c2fo.com/api/password-reset, resolved
Mobile
https://abss.me/posts/fcm-takeover/
https://web.archive.org/web/20210519175048/https://blog.dixitaditya.com/bypassing-google-maps-api-key-restrictions/
https://web.archive.org/web/20210412151532/https://blogs.ad3sh.com/2020/06/api-endpoint-leads-to-account-takeover.html
Hacking SMS API Service Provider of a Company Android App Static Security Analysis Bug Bounty POC
Resources
http://h1.nobbd.de/
https://pentester.land/list-of-bug-bounty-writeups.html
https://hackerone.com/hacktivity?querystring=api
https://raw.githubusercontent.com/besioo/hackerone/main/reports.csv