Out of Band XXE in an E-commerce iOS app
While testing the iOS app of the target application, I found an XXE vulnerability, for which I'm going to share the write-up. Wanted to publish…
Nov 19, 2020

Pentesting an IoT based Biometric Attendance device
Published in InfoSec Write-ups
During one of the Red Team engagements, I got a chance to pentest a biometric attendance device which was often used by the client to mark…
Sep 22, 2019

[Case Study] OAuth Misconfiguration leads to Account Takeover
Most security vulnerabilities arise in the integration part due to the incorrect implementation of third-party services…
Sep 21, 2019

[Case Study] Bypassing IDOR via Parameter Pollution
While working on a pentest engagement, I found an interesting IDOR (Insecure Direct Object Reference) bypass using parameter pollution (a…
Sep 21, 2019