Hi! I am a tech enthusiast, full-stack web developer, programmer and web/network penetration tester from Nepal.
Exploiting the postMessage() method to achieve XSS in a challenge!
The "surf-test.xwf.internet.org" subdomain was pointing to an AWS EC2 hostname that the Internet.org team had removed, making it susceptible to hijacking. Summarizing the vulnerability When I was looking for Dangling DNS records across the assets of m...
It was possible to claim the api.techprep.fb.com subdomain by registering the techprep-backend service on AWS Elastic Beanstalk. Some of the text presented here is an excerpt from my original vulnerability report to Facebook, so the sentences being i...
Find out how I was able to solve the NepHack Healthcare CTF 2020 and become the fourth solver during this special edition of NepHack Online CTF!
This IDOR vulnerability in the Facebook Events platform allowed an attacker profile to add anyone as a co-host in his/her personal event, including non-friends, non-friends-of-friends and people who have blocked him/her. Summarizing the vulnerability Wh...
This vulnerability could have let a malicious Facebook user add a comment on any live stream even if it had friends-only privacy. The comment text was limited to a given set of quick comments. Summarizing the overall story Everything started ou...