Response To Request Injection – HackBack CTF Solution

Scrolling through my news feed, I saw a post of my bro Sachin Thakuri mentioning “The HackBack – Online version is up.” Although I had participated in HackBack Live CTF, at that time I wasn’t able to solve this challenge (Christmas is not over yet). …

 

Editing Any Posts and Changing its Privacy on Edmodo

I’m writing about an IDOR vulnerability which I found on Edmodo that allowed an attacker to edit any post as well as change its privacy state to public or private just by replacing his post ID with the victim’s while sending a post edit request. …

 

Current Password Validation Bypass in Envoy

I have found a Current Password Validation Bypass bug on Envoy that allows an attacker to bypass the current password protection. This occurs due to a lack of server-side validation. …