Summary :

Business logic errors will allow you to manipulate the business logic of an application. Sometimes business logic errors can have devastating effects on the applications. Business logic errors are difficult to find because they involve legitimate use of the application’s functionality. …


Summary :

In a simple language “Google Dorks” is just a simple technique which can be used on google search engine to find security holes and sensitive information that is not easily available on a website. It is one of the most effective technique to find sensitive information of any…


Summary :

Business logic vulnerabilities are ways of using the legitimate processing flow of an application in a way that results in a negative consequence.

Description :

I found this vulnerability on a private program of Bugcrowd where there was a comment section. I noticed that whenever any person makes…


Hello everyone, at first I want to thank you all for 1K family and I hope you guys are getting some knowledge from my blogs. I decided to write something interesting on 1K followers and luckily I found this material for the blog on vulnerability which I discovered in 2018.


Summary :

PII stands for Personally Identifiable Information. It is a kind of data which helps us to identify ones identity, for instance your full name, social security number, taxpayer identification number, driver’s license number, PAN card number, mobile number, address, etc. …


Summary :

Server Side Request Forgery (SSRF) attacks are used to target internal systems that are behind firewalls and are not accessible from the external network. SSRF attacks can be exploited to access internally running services like SSH, Local-Host, FTP, Gopher etc. …


Summary :

Everyone knows what is an “Exif Data”, so I found this exif data vulnerability on my target website where the server was not stripping the exif data from the uploaded images. Reporting exif data vulnerability is considered as P4 and in some cases P3 as per Bugcrowd’s VRT


Summary :

Cross Site Port Attack is an abbreviation of XSPA. In this attack an application processes user supplied URLs and does not verify or sanitize the back end response received from remote servers before sending it back to the client. An attacker can send crafted queries to a vulnerable…


Hello everyone I would like to share one of my findings of business logic errors where I was able to abuse password functionality. I found this vulnerability on a private project I was working on.

Summary :

It commonly allow attackers to manipulate the business logic of an application. Errors…


Hello everyone I want to share one of my recent findings for which I was paid $50 because it was the highest amount they were offering. I found an interesting account takeover using JSON null value.

Summary :

Few days back I was hunting on a program where there was…

Jerry Shah (Jerry)

|Penetration Tester| |Hack The Box| |Digital Forensics| |Malware Analysis|

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store