Rohit kumar
Detecting, Fixing, and Defending Against XXE Attacks in Python and Java
Introduction:
6 min read · Jun 16, 2023

Rohit kumar
How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide
Introduction:
4 min read · Jun 11, 2023

Rohit kumar
CSRF from which we can create a support ticket in Victim’s Account (500$)
Complete Details ===
2 min read · May 20, 2021

Rohit kumar
Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device…
Complete Details === During my investigation, I found that a user’s DTSG token can be exposed to a third-party application because of a…
2 min read · May 20, 2021

Rohit kumar
Page shops with a hidden Product in “Featured product section” which could be controlled by…
Product Area
3 min read · Aug 31, 2020

Rohit kumar
[IDOR] Delete saved credit cards from any Business Manager Account.
Business manager is having an option to add and manage credit cards. However, this functionality is limited to authorized “Admins” of that…
2 min read · Jun 5, 2020

Rohit kumar
Private Dashboards were accessible by other Admins in Analytics Dashboard
Private dashboards can be accessed by other Admins, which leads to sensitive data exposure.
2 min read · May 2, 2020

Rohit kumar
Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.
Again this will be a copy/paste of my whole report nothing fancy gifs and memes in this report 😐
4 min read · Oct 12, 2019

Rohit kumar
ByPassing fix of Domain Blocking feature in Business Manager
A few months back I reported this vulnerability Demoted business admin could apply blocklist to all ad accounts and FB rewarded me 500$…
1 min read · Aug 15, 2019

Rohit kumar
Business user Employees can add/edit/change or apply block list to a business account.
During BountyCon 2019 in Singapore, after getting multiple NA & Informative reports I reported this vulnerability which was valid.
4 min read · Jun 17, 2019