Hello I’m Mostafa Elguerdawi in this write-up I’ll explain how could I bypass 2fa. Let’s call on my target target.com First, I created an account and logged in in a normal way. After some testing in some authenticated endpoints I decided to test on 2fa function. I enabled 2fa and…

Hello I’m Mostafa Elguerdawi, This Write-up about one of my recent reports I will explain how I find it from zero, So Let’s start. First let’s say my target was redacted.com Find sub-domain from Shodan I decided to get my target favicon hash in order to find more sub-domains through shodan First I…

Hello All I’m Mostafa Elguerdawi, In this writeup I will explain how I get RXSS using shodan What is shodan? Shodan is a search engine that allows users to search for internet-connected devices and systems. However, it’s not a typical search engine like Google, which indexes web pages. Instead, Shodan…

Hello All, I am Mostafa Elguerdawi and This is my first bug ever in Android Bug Hunting, So let’s start. What is WebView? In Android development, a WebView is a UI component that allows you to display web content within your Android app. It is essentially a widget that can render web pages…

Hello there , I’m Mostafa Elguerdawi, Today , I would like to share about one of my recent finding in HackerOne ‘s program Let’s say : https://reacted.com When I’m testing on this site, there is a login function, as normal I tried login bypass using Response Manipulation, Default Credentials…

Insecure Data Storage essentially refers to data packets or data that is stored without the added protection of encryption or other firewalls. Storing important data like password and credit card number needs a secure mechanism. Ordinarily, Developers use file, database or saved setting to store these kind of data. we…

Challenge Name : Father’s Light Challenge Level : Medium Category : web Description : Enter the enigmatic realm of “Father of Light” Unleash your skills, explore hidden paths, and uncover the depths of mysterious creations. Will you emerge as the champion? Dare to unravel the enigma. after enter the challenge…

Hello everyone, it has been a whole year since I first discovered a vulnerability, so I have decided to publish an article about it. The first thing I did was to collect the JavaScript files of the website using this command : katana -list scope.txt -jc | grep “\.js$” |…

Hello this new write up for “Jacob the Boss” room from TryHackMe Difficulty: Medium Description: Well, the flaw that makes up this box is the reproduction found in the production environment of a customer a while ago, the verification in season consisted of two steps, the last one within the…