This all started when I was hunting on a private program; I found a few subdomains with very similar UI and requests but different titles. To access the subdomains, login was required, with no sign of a way to create an account. I tried injection and other basic things. When I tried Host Header Injection, I saw that all those subdomains took a similar approach: redirect to the particular host if it exists, or default back to the website (whose service was running on these subdomains). This gave away the product that was running, and luckily they were also running Bug Bounty…

Hi, this writeup is about a bug that existed in HTML to PDF generation functionality in a program.

It is often said by the community that HTML to PDF generating software is usually vulnerable to SSRF, and that’s what I was trying to do. The program had an option to create certificates using HTML and some background template.
I tried to inject various payloads, googled things and read nahamsec’s writeup on exploiting a similar function again and again, but to no avail.

The only HTML tag that gave back a response to my TCP tunnel was the <img> tag; moreover, the fetch that was…

Just like other newbies, I had been practising on PortSwigger Academy, feeding on writeups day in and day out, waiting for my first valid bug, and then when it came I wasn’t able to believe what I had found.

This is the story of my first bug, which I found last October. As usual, I was reading writeups and practising, watching other hackers’ videos and hovering from one Discord bug bounty community to another, when I saw a guy posting on nahamsec’s server that Logitech had launched a new public program with huge scope. I ran towards it.

Hey guys, this writeup is about my first Reflected XSS and how I escalated it to account takeover.

I have read many bug hunters stressing that you shouldn’t submit a simple XSS and should try to escalate it. I would also tell you to escalate as much as you can. If you give them an XSS and tell them what a person can do with it, it does not show the same amount of impact as you would be able to show when you prove how it would be done; this will increase the severity as well as your payout.

So, I…

Aditya Verma
