Pinned: Business logic: I can order anything from your account without paying for it
In this writeup, I will share my first finding of an application logic flaw, which I found in an e-commerce platform provider like Shopify.
Dec 25, 2024

How I was able to delete a production backend server in my first finding.
Hello folks, in this article I will tell you about my journey of finding a CSRF and using that to delete a backend PHP server in my first…
Dec 30, 2024

Bug Chain: pre-auth takeover to permanent access.
Grey here! In this blog, I'll share how I escalated a normal pre-authentication account takeover into a permanent access backdoor. Let's…
Dec 27, 2024

Logic Flaw: Using Invitation Function to Block Other Accounts
In this blog, I'm gonna tell you a story, a story about an application logic flaw that let me block new enrollments of the target…
Dec 27, 2024