0-Click Account Takeover Through a Simple Password Reset Parameter
When it comes to security testing, the password reset flow is one of those places where developers cannot afford to make mistakes. A…
Aug 14

How a Simple Endpoint Earned Me a $7500 Bounty from Microsoft
Published in LegionHunters
By Gouri Sankar A
Jul 25

Discovered a Reflected HTML Injection on Microsoft Learn That Earned a Spot in Microsoft’s Hall of…
By Gouri Sankar A
Jul 24

THE DARK ART OF GOOGLE DORKING: HOW I UNCOVERED SENSITIVE DATA IN THE WILD
By Gouri Sankar A
Jul 8

Unauthenticated API Endpoint Exposes SMS Account Balance — An Information Disclosure Story
Written by Gouri Sankar A
Jul 6

Identifying and Addressing Security Gaps in Bank of Maharashtra’s Mahaconnect Platform
As a cybersecurity researcher, uncovering vulnerabilities is not just a technical exercise—it’s a responsibility. Recently, during my…
Dec 7, 2024

Unlucky Stored XSS: How I Discovered a Severe Stored XSS Flaw on a Government Website (Worth…
Government websites play a crucial role in public interaction, offering information and services to citizens. However, a critical Stored…
Dec 6, 2024