Out of Band XXE in an E-commerce IOS app
Gaurang Bhatnagar · 3 min read · Nov 19, 2020
While testing the iOS app of the target application, I found an XXE vulnerability, for which I’m going to share the writeup. Wanted to publish…

Pentesting an IOT based Biometric Attendance device
Gaurang Bhatnagar in InfoSec Write-ups · 4 min read · Sep 22, 2019
During one of the Red Team engagements, I got a chance to pentest a biometric attendance device which was often used by the client to mark…

[Case Study] OAuth Misconfiguration leads to Account Takeover
Gaurang Bhatnagar · 3 min read · Sep 21, 2019
Most security vulnerabilities arise within the integration part due to the incorrect implementation of third-party services…

[Case Study] Bypassing IDOR via Parameter Pollution
Gaurang Bhatnagar · 3 min read · Sep 21, 2019
While working on a pentest engagement, I found an interesting IDOR (Insecure Direct Object Reference) bypass using parameter pollution (a…