Hello Guys! Hope you are doing well in this pandemic.

This write-up is about a bug which I found in a private program six months ago and which was resolved two months ago. As I mentioned in my previous blog posts, I hunt for bugs by going through functionality. I loved this bug because of how a simple IDOR could create a huge impact when linked with existing functionality.

As this bug was reported to a private program, I won’t be able to disclose the program name. I will refer to it as Redacted.com throughout this blog post. …

This article is about a bug I found on a private program to which I was invited a few months back. I am not allowed to disclose any information about the program, so I will use example.com as the program name.

Upon invitation, this program assigns test accounts to the researcher for testing the application, and those test accounts have normal user-level permissions. The main functionality of the application was providing an employee background check service, and with normal user permissions you can only create candidates, read reports and manage reports… such basic functionalities. …

This article is about a bug which I discovered on Zomato.com last month. Honestly, I couldn’t provide exploitation details to the Zomato security team while submitting the bug, but I had a strong gut feeling about injection at the vulnerable endpoint. Although I haven’t done much technically from my side, I still think Solr injection is not well known in our community. Hence, I decided to share my thought process while I was finding this bug, illustrating it step by step.

I always prefer to test an application by first going through the functionalities directly visible on web pages and observing…

Hello Guys! This is my first write-up; I hope it will be informative. This article is about a bug I recently found on a private program on HackerOne. As this was found on a private program, I will refer to it as example.com throughout this article.

Let’s start! When starting bug hunting on any website, the first thing I do is load the main page of the website in the browser and observe which technologies are being used by the website through the browser extension Wappalyzer. As usual, I loaded the home page of example.com …

Ronak Patel

Full time bug bounty hunter

