When I pass phone number to username Param it was disclosing entity Id of user in response. I didn't guess algorithm , it was all there - Kongsec - Medium

What was the encryption algo through encrypt the id and how do u find what was the algorithm use to…

Ashisbanerjee

Jul 13, 2021

--

When I pass phone number to username Param it was disclosing entity Id of user in response. I didn't guess algorithm , it was all there

Kongsec

Written by Kongsec

1.93K Followers

#kongsec | Solo Bounty Hunter | Function Exploits and Report Crafting | Bikes | Not a XSS guy | Own views | Bugcrowd Top 100 l Top 10 P1 warriors | Biker

Recommended from Medium

How to Find First Bug (For Beginners)

Mr.Horbio

How to Find First Bug (For Beginners)

As a beginner, you try to find bugs in many websites but still you got nothing. You got Demotivation during bug hunting ,Don’t worry when…

3 min readNov 24

--

3

Mass Hunting XSS vulnerabilities

Ott3rly
in
InfoSec Write-ups

Mass Hunting XSS vulnerabilities

In this article, I would like to cover how it is possible to efficiently check thousands of endpoints for potential Cross Site Scripting…

6 min readNov 22

--

4

Lists

Staff Picks

519 stories481 saves

Stories to Help You Level-Up at Work

19 stories333 saves

Self-Improvement 101

20 stories975 saves

Productivity 101

20 stories880 saves

Implementing Google Login in a Node.js Application

Tasadduq Ali

Implementing Google Login in a Node.js Application

To implement Google Login, you need to set up a Google API project. Follow these steps:

3 min readJul 12

--

2

TryHackMe — IDOR WriteUp/Walkthrough with Answers

Timnik

TryHackMe — IDOR WriteUp/Walkthrough with Answers

Detailed Writeup/Walkthrough of the room IDOR from TryHackMe with answers/solutions. You can find the room here.

2 min readAug 10

--

How I got a $500 reward for finding an unacclaimed bucket on GitHub

André Pontes

How I got a $500 reward for finding an unacclaimed bucket on GitHub

I was researching bug bounty programs and my main focus was finding unacclaimed buckets, when I decided to search within the immunefi.com…

2 min readNov 16

--

1

Exploiting Exposed Tokens and API Keys: Edition 2023

Kongsec

Exploiting Exposed Tokens and API Keys: Edition 2023

Introduction: Welcome to my 14th article on exploiting exposed tokens and API keys. In this edition, I will discuss how to approach and…

3 min readJun 24

--

1

See more recommendations

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams