2945 | Chaining CORS by Reflected xss to Account takeover #My first Blog | CORS misconfiguration, Reflected XSS, Account takeover | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2020-12-26 | 2023-06-13 |
2865 | Finding SSRF BY Full Automation | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-27 | 2023-06-13 |
2851 | Android apk leaks access token to takeover the whole infrastructure | Information disclosure, Hardcoded credentials, Android | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-30 | 2023-06-13 |
2727 | Finding Basic Authtoken in JAVASCRIPT file BY Full Automation | Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-03-10 | 2023-06-13 |
2656 | Chaining an Blind SSRF bug to Get an RCE | Blind SSRF, RCE | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-07 | 2023-06-13 |
2628 | Unauthorized access to admin setpassword page BY bypassing 403 Forbidden | Authorization flaw | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2612 | AWS internal metadata accessed through SSRF by Chaining an Open Redirect bug | SSRF, Open redirect | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-24 | 2023-06-13 |
2587 | Chaining CSRF with XSS to deactivate Mass user accounts by single click | CSRF, XSS | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-02 | 2023-06-13 |
2569 | Unauthorized access to Django Admin Dashboard by endpoint leaked on GitHub | Missing authentication, Forced browsing | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-10 | 2023-06-13 |
2515 | Escalating SSRF to Accessing all user PII information by aws metadata | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-31 | 2023-06-13 |
2511 | Escalating SSRF to Accessing all user PII information by aws metadata | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-06-01 | 2023-06-13 |
2498 | How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-06-06 | 2023-06-13 |
2397 | How I was able Find mass leaked AWS s3 bucket from js File | AWS misconfiguration | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-07-20 | 2023-06-13 |
2325 | Finding multiple SSRF with aws metadata access on A BANK system | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-08-14 | 2023-06-13 |
2010 | Exploiting S3 bucket with path folder to Access PII info of A BANK | AWS misconfiguration, Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-12-09 | 2023-06-13 |
1465 | Automating reflected XSS with burp-suite Intruder | Reflected XSS | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-06-14 | 2023-06-13 |
1164 | How I found reflected XSS on IDFC Bank with burp-suite Intruder | Reflected XSS | IDFC Bank | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-08-28 | 2023-06-13 |
1163 | Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator | OS command injection, RCE | De Nederlandsche Bank | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-08-28 | 2023-06-13 |
277 | How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2023-03-21 | 2023-06-13 |