Hi Everyone, teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. teler-waf is a comprehensive security solution for Go-based web applications. It acts as an HTTP middleware, providing an easy-to-use interface for integrating IDS functionality…

Hi Everyone, When I did Bug Hunting, I found the Login without Password feature. The Login without Password feature is a feature that is used for valid account users to log in without a password or valid account users can only log in using the OTP ( One-Time Password )…

Hi everyone, When I decided to do some Bug Hunting on the TikTok program, and I got some XSS Stored in a few months. After waiting for so long to disclose these findings, and finally, this article is disclosed. Follow Me :)

Hi everyone, Bagaimana kabar anda? Saya harap kita semua baik-baik saja. Saya ingin membagikan sebuah artikel terkait solusi untuk ChallengeXSS dari Revan AR ( https://tools.revanar.dev/lab/ ) Sebelum memulainya, saya sudah terlebih dahulu meminta izin ke pemilik Challange untuk publish ini, dan akhirnya disetujui. Ikuti Saya :) XSS Challenge V1 Di…

Hi everyone This time I will write a little XSS solution in Open Redirect that uses the attribute rel=”noopener follow” target=”_blank. Here’s the code snippet: <a class=”test” title=”test” href=”javascript:alert()” rel=”noopener follow” target=”_blank”>CLICK</a> Source : Page Title Edit descriptiontest.secrash.com From the code snippet above, I tried to open it through several Modern Browsers: Google Chrome

Hi everyone, In this article, I share the findings of XSS Blind Stored at 2 TikTok Assets. When I decided to hunt for bugs in the TikTok program, and I spent 1 month looking for this XSS. This XSS finding started when I created a product on a TikTok seller…

Hi everyone First, let me introduce a little background, I am a young teenager graduated from Senior High School and IT Security Enthusiast from Indonesia. Now, I am 21 years old. I once had a dream that I wanted to find a valid vulnerability on some Tech Giant Site, and…

Assalamualaikum Bug Hunter & Hi Everyone. This time I want to share a finding of the XSS STORED Vulnerability on Yandex. Previously I have tried to search for vulnerabilities in the Yandex Bug Bounty Program, and as a result I did not find any vulnerabilities in Yandex. I was frustrated…

Hi everyone, In this article I want to share my findings on a Private Program at Hackerone which is very unique. Let’s take a minute to take a look at this :) When I was hunting on a private program on Hackerone, I came across a scope of https://redacted.com/. And…