Hello everyone! My name is Sagar Sajeev and this is my writeup explaining how I was able to escalate a Server Side Template Injection (P4) to a much more severe XSS. Note: For those who haven't heard of Server Side Template Injection or SSTI, I’ll recommend you to get some…

Hello fellow Hackers. I’m Sagar Sajeev In this writeup, I would like to share how I was able to unsubscribe any user from the Target website’s email notification service. This was possible because the unsubscribe feature (which is often found near the footer of the mail) was vulnerable to IDOR. …

How’s it going everyone. I’m Sagar Sajeev In this writeup I would like to share how I was able to buy any product off an E-commerce website for $10. This was possible because of vulnerable parameter which made IDOR possible. The target domain was a start-up E-commerce website. I did…

Hello everyone. Myself Sagar Sajeev. In this writeup, I’ll discuss a how I was able to find a Open Redirect on a target website and escalate it to a XSS, thereby increasing the severity. Let the target domain be:- “https://www.radacted.com/resources?search=hacker” Note that the search term ‘hacker’ was being reflected in…

Hey Guys. I’m Sagar Sajeev . In this small writeup I would like to share how I reported a case of Email Verification Bypass. But what makes it unique is the way in which it has to be exploited. Let the domain be :- “https://www.redacted.com/account/login” Login into the account as…

Hello Everyone. My name is Sagar Sajeev . In this writeup, I’ll explain how I was able to bypass a File upload feature on the target and chain it to an RCE. Thus increasing the severity. The fun thing is that, the target Website Security team had deployed fix 3…

What’s up everybody. My name is Sagar Sajeev. This is my writeup about a collection of Browser extensions (Chrome and Firefox) which have actually helped me find me vulns and thus bounties. A browser extension is a small software (aka plugin) for your browser that adds certain functions and features…

How’s it going guys! My name is Sagar Sajeev and this is my writeup about one of my recent SSTI (Server Side Template Injection) finding. According to Portswigger, Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template…

How’s it going everyone! My name is Sagar Sajeev. I had found an interesting Business Logic Flaw and wanted to share it with you guys. According to OWASP , Business Logic Vulnerabilities are ways of using the legitimate processing flow of an application in a way that results in a…