Web

How I Found an Account Takeover Bug in the Forgot Password Flow

How I Found a $3000 IDOR Vulnerability in a Delivery App

Bypassing Rate Limit in GraphQL

Exploiting DOM for Open Redirect Attacks

HTTP Parameter Pollution vs Mass Assignment

API Basics: A Hacker's Starter Guide

Server Side Parameter Pollution in Rest API path parameter

Broken Object Level Authorization Vs. Broken Functionality Level Authorization | API Hacking