
Web applications are a common part of any organization’s infrastructure and are often exposed publicly, accessible to the whole world. Because of this, an attacker usually considers attacking the web applications in order to gain an initial foothold into the organization’s network. From my personal experience as a Pentester & Bug Bounty Hunter, you will see Web Applications everywhere, and most organizations want their exposed infrastructure to be secure & robust. Hence, Web Application Penetration Testing is one of the core skills when it comes to Pentesting & Bug Bounty.

I recently attempted eLearnSecurity’s eLearnSecurity Web application…


Reconnaissance (aka Recon) is an essential process in pentesting, especially Black Box Pentesting, where you don’t have specifics about your target. Before starting to hit your target, it is important to gather as much information as possible about it in order to map out your attack surface. An “Attack Surface” is a fancy term for the “viable attack points” of your target.

Recon comes in handy when gathering information about your target. Some people may consider recon as something to automate in order to find vulnerabilities. …


Multi-Factor Authentication (MFA), often known as Two-Factor Authentication (2FA), is an added layer of protection applied to an application in order to enhance the overall security of the user’s account.

Multi-Factor Authentication Workflow

  1. The user navigates to the Application’s Login Function and provides login credentials.
  2. Upon which, the application invokes a 2FA request, asking the user to verify their identity a second time with something other than the password.
  3. The user has access to their 2FA device, say a Third-Party Application (TPA) like Authy or Google Authenticator.
  4. The User takes the 2FA code and provides it…



The penetration testing domain has grown exponentially in the last couple of years, and so has the competition. Validating and proving your skills in a short interview call isn’t always a win-win situation for both the employee and the employer, and this is where various security certifications come into the picture. Well-known security certifications give the organization confidence about the person they are hiring, as that person has validated their skills through the certification exam.

eLearnSecurity offers a certification called eLearnSecurity Certified Professional Penetration Tester (eCPPT) v2, which is a real-life, practical, scenario-based examination. I recently took this certification and obtained it…



The Arbitrary URL Redirection Attack, popularly known as an Open Redirection attack, is a common web vulnerability that allows an attacker to redirect the victim user to an attacker-controlled domain. This attack can be leveraged to steal sensitive information such as tokens, to perform social engineering, and to carry out other attacks.

The Arbitrary URL Redirection Attack mostly happens at an endpoint where the application accepts a user-supplied URL and redirects to it upon execution of the vulnerable function. Some of the common parameters are ?return=, ?returnURI=, ?forwardedTo=, ?redirect=, ?redirectURI=, ?url=, ?forward= and other such parameters that seem to load or redirect the user to another endpoint.

If…



Insecure Direct Object Reference (IDOR) falls under the category of Broken Access Control as per the OWASP Top 10 (2017 edition). This issue usually occurs due to a weak implementation of the application’s access control logic, which links an identifier or an object to a particular asset; say, a user_id parameter defines which user’s data is to be updated. IDORs, compared to server-side issues, are widely observed and easy to identify. However, IDORs can often be tricky, and an application that looks very robust might also have IDORs.

Hi fellow hackers and bounty hunters, I hope you all are doing well. After…



Amazon S3 (Simple Storage Service) is one of the most popular and widely used storage services. Many companies use S3 buckets to store assets such as user profile pictures, static resources, and anything else their business logic requires. However, if the buckets are not configured properly, or are unclaimed, an attacker can potentially perform mischievous actions such as an S3 Bucket Takeover or an S3 Content Takeover.

Hi Fellow Hackers & Enthusiasts, in this article I will be talking about one of my recent encounters where a misconfigured S3 Bucket allowed me to perform any of the CRUD…



Cross-Site Request Forgery (CSRF) is rarely seen with new frameworks but is still exploitable, just like in the good old days. CSRF, long story short, is an attack where an attacker crafts a request and sends it to the victim; the server accepts the request as if it had been issued by the victim and processes it. To mitigate this, multiple protection mechanisms are being deployed, and the one we are going to deal with is the Anti-CSRF Token.

Hi Fellow Hackers & Security Enthusiasts, today I am going to write about how I was able to bypass CSRF protection to execute a…



Reflected Cross-Site Scripting happens when you provide malicious JavaScript code to some input-parsing functionality and, due to a lack of sanitization and filtering, the application processes your malicious code as if it were valid input, usually rewarding you with a popup of happiness.

However, when it is your lucky day and, just for fun and learning, you try to increase the impact, and all of a sudden the server crashes and reveals the database credentials, your mind says only one thing: “It’s a holy adventure time”.

Hi fellow hackers and enthusiasts, today I will be sharing my recent weird yet…



Cross-site scripting is one of the most prominent attacks of all time, and it is still being exploited in the wild. Cross-site scripting is not always about popping an alert box with some random crazy string, domain, or cookies. Cross-site scripting vulnerabilities can be chained with other low-hanging issues to make a critical impact. The obvious impact people write in their reports is that an attacker can steal the session cookies of the victim user, but the question here is: how many people are actually exploiting it? …

Harsh Bothra

Security Engineer | Bugcrowd Top 150 & MVP| Synack Red Teamer | Cobalt Core Pentester | Bug Hunter | Author | Speaker | Learner | Poet | Twitter — @harshbothra_
