Out of Band XXE in an E-commerce IOS appWhile testing IOS app of the target application, I had found XXE vulnerability for which I’m going to share the writeup. Wanted to publish…Nov 19, 2020Nov 19, 2020
Published inInfoSec Write-upsPentesting an IOT based Biometric Attendance deviceDuring one of the Red Team engagements, I got a chance to pentest a Biometric attendance device which was often used by the client to mark…Sep 22, 20191Sep 22, 20191
[Case Study] OAuth Misconfiguration leads to Account TakeoverMost of the security vulnerabilities arises within the integration part due to the incorrect implementation of third party services…Sep 21, 20192Sep 21, 20192
[Case Study] Bypassing IDOR via Parameter PollutionWhile working on a pentest engagement, I found an interesting IDOR (Insecure Direct Object Reference) bypass using parameter pollution (a…Sep 21, 2019Sep 21, 2019
![[Case Study] OAuth Misconfiguration leads to Account Takeover](https://miro.medium.com/v2/resize:fill:160:106/1*emr-EIX81eVa9JWwOalI2w.jpeg)
![[Case Study] OAuth Misconfiguration leads to Account Takeover](https://miro.medium.com/v2/resize:fill:320:214/1*emr-EIX81eVa9JWwOalI2w.jpeg)
![[Case Study] Bypassing IDOR via Parameter Pollution](https://miro.medium.com/v2/resize:fill:160:106/1*HTa63wLh1g0_LH3whLcU6w.png)
![[Case Study] Bypassing IDOR via Parameter Pollution](https://miro.medium.com/v2/resize:fill:320:214/1*HTa63wLh1g0_LH3whLcU6w.png)
