Hi! I am a Tech Enthusiastic full-stack web developer, programmer and web/network penetration tester from Nepal.
Subscribe to my newsletter and never miss my upcoming articles
At the April 2021 Monthly Meet of null Ahmedabad, I had delivered a session on GitHub Recon. The session went amazing. Later on, in the same meet, Parth Jhankharia brother was conducting a Hands-on Challenge for the attendees and the speakers, which ...
The "surf-test.xwf.internet.org" subdomain was pointing to a AWS EC2 hostname that the Internet.org team had removed, making it susceptible to hijacking. Summarizing the vulnerability When I was looking for Dangling DNS records across the assets of m...
It was possible to claim the api.techprep.fb.com subdomain by registering the techprep-backend service on AWS Elastic Beanstalk. Some of the text presented here is an excerpt from my original vulnerability report to Facebook, so the sentences being i...
This IDOR vulnerability in the Facebook Events platform allowed an attacker profile to add anyone as co-host in his/her personal event including non-friends, non-friends-of-friends and people who have blocked him/her. Summarizing the vulnerability Wh...
This vulnerability could have let a malicious Facebook user to add a comment on any live stream even if it has a friends only privacy. The comment text was limited to a given set of quick comments. Summarizing the overall story Everything started ou...
