Anatomy of a "Denial of Wallet" Attack on a Modern LLM Endpoint
Beyond the Prompt: How I Found a Critical "Denial of Wallet" Flaw in an AI Feature Hey everyone, Mann Sapariya here. Today, I want to take …
Showing posts with the label BugBountyShow All
.png)
Mass Subdomain Takeover on NASA.gov – Bug Bounty Write-Up
🚀 Mass Subdomain Takeover on NASA.gov – Bug Bounty Write-Up 📌 Disclaimer This blog is for educational purposes only . All tests were performed on…
Deep Dive Into HTTP Request Smuggling – A High-Impact Bug for Bounty Hunters
Understanding HTTP Request Smuggling Hey folks, welcome back! I'm Mann Sapariya, a security researcher and bug bounty hunter. Today we’re div…
🚨 Jenkins Security Guide: Common Bugs & Real-World Exploitation (Beginner to Advanced)
👋 Hello folks, I’m Mann Sapariya — a security analyst and researcher. I often come across misconfigured CI/CD tools while analyzing attack surface…
Mastering Shodan Dorking: Finding Gold on the Open Internet
Hello, security enthusiasts! My name is Mann Sapariya , and I’m thrilled to welcome you to my new blog dedicated to bug bounty hunting, advanced rec…
NTLM Injection: Uncovering a Hidden Threat for High-Impact Exploits & Bounties
🚨 NTLM Injection: A Simple Misconfiguration with Serious Impact 🚨 Introduction In the ever-evolving landscape of cybersecurity, misconfiguratio…
New Method For Account Takeover In Android Applications
Today I have some important news to share with you about a novel way to get around OTP (One-Time Password) systems. The knowledge gained from this d…
New Method to Change Passwords Without Knowing the Old Password in android application
Introduction : In today's interconnected world, the security of our online accounts is of paramount importance. Many applications incorporate a p…
How I was able to buy free Red Bull 😁Parameter Tampering
Introduction: Android has become the industry standard platform for mobile apps, offering a wide range of features and functionalities. The need to…
New Technique to bypass otp leads to account takeover
I am excited to share with you today a significant discovery I made regarding a new technique for bypassing OTP (One-Time Password) systems. This dis…
Directory Bruteforcing on Web Server
FFUF A fast web fuzzer that can be used for both content discovery and directory bruteforcing. It can be used to discover hidden directories and file…
