Hello guys
Today we’re going to talk about how you managed to bypass rate limiting
In one of the US Department of Defense sites
But I will explain this bug and ways to overcome it in detail in another article. …

My First Bounty (idor)

There is no despair with life, no life with despair

بسم الله الرحمن الرحيم

First of all, this is my first article. I benefited a lot from this platform, and I want to thank everyone who contributed to publishing articles that benefited everyone. So I would love to also participate in informing others about what I teach him.
This is a…

FCKeditor is a lightweight text editor for use in web pages; it can also upload files.

Let’s start

1- Using this dork: inurl /editor/filemanager/connectors/test.html

2- You must know which programming language the site was written in.

Then choose the programming language from Connector:

and the web server too

for example website in poc that i…

What is SSRF?

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.


1- You can use this dork to find vulnerable sites

inurl /editor/filemanager/connectors/uploadtest.html

2-after going…

Before I start explaining how I found this bug, I will talk about account takeover methodologies.

Account Takeover Methodologies:

  • CSRF
  • No rate limit on login with weak password policy
  • Token leaks via Referrer
  • Sensitive data exposure
  • Password reset poisoning
  • Auth bypass
  • Steal cookies with XSS

Now let’s tell you about the steps for finding…

Hello hackers
Today we'll talk about how to bypass rate limiting
via a CAPTCHA bypass
This article will be brief, meaning that we will explain rate limiting in detail and the CAPTCHA bypass in a later lesson.

What is rate limiting?

Rate limiting is a strategy for limiting network traffic. It puts a cap on…

What is privilege escalation?

Privilege escalation vulnerabilities are security issues that allow users to gain more permissions and a higher level

Hello guys who love to hack. Today I will talk about how I got this bug. It’s easy. All you have to do is focus and take time to think.

While I was roaming…

Today we're going to talk about the host injection vulnerability. If you were invited to a private program, I advise you to start with this attack, as it is common and easy to discover. So let's start the fun, guys.

What is a host header injection attack?

HTTP Host header attacks exploit vulnerable websites that handle the…

Hey guys
Today we'll talk about the subdomain takeover vulnerability.
We will talk about how to find the vulnerability in all its forms and the tools used, but in terms of exploitation, we will explain the exploitation of a subdomain takeover on Heroku.

Subdomain takeovers

A subdomain takeover occurs when an attacker gains control…

black Angel11

Security Researcher | Bug Bounty Hunter
