Hello guys
Today we're going to talk about how I managed to bypass rate limiting
on one of the US Department of Defense sites.
I will explain this bug and the ways to get around the limit in more detail in another article. Don't forget to check out the rest of the articles I publish on my account here on Medium.

While browsing one of the US Department of Defense websites, I found a feature that lets you subscribe by entering your personal email to receive notifications about any update.
I entered my email and intercepted the request using Burp Suite,
then I…


My First Bounty (IDOR)

There is no despair with life, no life with despair

بسم الله الرحمن الرحيم

First of all, this is my first article. I benefited a lot from this platform, and I want to thank everyone who contributed by publishing articles that benefited everyone. So I would love to take part as well, by informing others about what I have learned.
This is a long road, my friend. Everyone has passed through here and faced difficulties at the beginning of learning, so do not despair and keep learning.

What is an IDOR attack?

Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly.

While…


FCKeditor is a lightweight text editor for use in web pages, and it can upload files too.

Let's start

1- Use this dork: inurl /editor/filemanager/connectors/test.html

2- You must know which programming language the site was written in.

Then choose the programming language from Connector:

and the web server too.

For example, the website in the PoC that I will attach uses ASP.NET.

Then click on Get Folders and Files.

3- You can enter a partition name if the website is hosted on a Windows server:

https://target.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=C:/ >>>>>> (Windows server)

Note:-

c:/inetpub/wwwroot/target/web.config = https://target.com/web.config

If you use this payload:

?Command=GetFoldersAndFiles&Type=File&CurrentFolder=c:/inetpub/wwwroot/target/

the folders and files you will see are the website's folders and files.

So if you…


What's SSRF?

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.

Steps:-

1- You can use this dork to find vulnerable sites:

inurl /editor/filemanager/connectors/uploadtest.html

2- After going to the vulnerable page, you will find the field "Custom Uploader URL:".

3- Right-click, choose Inspect Element, click on "pick an element from the page", and select the field Custom Uploader URL:

4- In Elements you will see:

<input id="txtCustomUrl" style="WIDTH: 100%; BACKGROUND-COLOR: #dcdcdc" disabled="" type="text">

Delete disabled="".

5- Now you can put in a URL starting with…


Before I start explaining how I found this bug, I will talk about account takeover methodologies.

Account Takeover Methodologies:-

  • CSRF
  • No rate limit on login with a weak password policy
  • Token leaks via Referer
  • Sensitive data exposure
  • Password reset poisoning
  • Auth bypass
  • Stealing cookies with XSS

Now let me tell you about the steps for finding this bug.

Steps:-

1- After creating two accounts (the first as the hacker account, the second email as the victim account)

2- I go to reset password and enter my email.

3- I go to my email (the hacker email), then open the link.

4- I find a page asking for email, password and repeat password.

5- I…


Hello hackers
Today we'll talk about how to bypass rate limiting
by bypassing CAPTCHA.
This article will be brief; we will explain rate limiting and CAPTCHA bypass in detail in a later lesson.

What is rate limiting?

Rate limiting is a strategy for limiting network traffic. It puts a cap on how often someone can repeat an action within a certain timeframe.

What is CAPTCHA?

CAPTCHA is used mostly for security reasons; we can use it to prevent:-

CSRF attacks, no-rate-limit attacks, brute forcing, etc.

Let's talk today about my experience with CAPTCHA. I entered one of the HackerOne programs looking for…


What is privilege escalation?

Privilege escalation vulnerabilities are security issues that allow users to gain more permissions and a higher level

Hello guys who love to hack. Today I will talk about how I found this bug. It's easy. All you have to do is focus and take time to think.

While I was roaming through Bugcrowd programs, I entered one of the programs that give points and logged into that program.

Then I went into the settings and then into the account data that I had entered when I created the account. In fact, I was not looking for a privilege escalation bug. …


Today we're going to talk about the Host header injection vulnerability. If you were invited to a private program, I advise you to start with this attack, as it is common and easy to discover. So let's start the fun, guys.

What is a Host header injection attack?

HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior.

The use of the Host header is especially…


Hey guys
Today we'll talk about the subdomain takeover vulnerability.
We will talk about how to find the vulnerability in all its forms and the tools used, but in terms of exploitation, we will explain the subdomain takeover of Heroku.

Subdomain takeovers

A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it. This can happen because either a virtual host hasn’t been published yet or a virtual host has been…

black Angel11

Security Researcher | Bug Bounty Hunter
