Rohit kumar – Medium

Rohit kumar

Detecting, Fixing, and Defending Against XXE Attacks in Python and Java

Introduction:

6 min readJun 16, 2023

--

Detecting, Fixing, and Defending Against XXE Attacks in Python and Java

--

Rohit kumar

How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide

Introduction:

4 min readJun 11, 2023

--

How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide

--

Rohit kumar

CSRF from which we can create a support ticket in Victim’s Account (500$)

Complete Details ===

2 min readMay 20, 2021

--

1

CSRF from which we can create a support ticket in Victim’s Account (500$)

--

1

Rohit kumar

Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device…

Complete Details === During my investigation, I found that a user’s DTSG token can be exposed to a third-party application because of a…

2 min readMay 20, 2021

--

Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device…

--

Rohit kumar

Page shops with a hidden Product in “Featured product section” which could be controlled by…

Product Area

3 min readAug 31, 2020

--

Page shops with a hidden Product in “Featured product section” which could be controlled by…

--

Rohit kumar

[IDOR] Delete saved credit cards from any Business Manager Account.

Business manager is having an option to add and manage credit cards. However, this functionality is limited to authorized “Admins” of that…

2 min readJun 5, 2020

--

[IDOR] Delete saved credit cards from any Business Manager Account.

--

Rohit kumar

Private Dashboards were accessible by other Admins in Analytics Dashboard

Private dashboards can be accessed by other Admins, which leads to sensitive data exposure.

2 min readMay 2, 2020

--

Private Dashboards were accessible by other Admins in Analytics Dashboard

--

Rohit kumar

Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.

Again this will be a copy/paste of my whole report nothing fancy gifs and memes in this report 😐

4 min readOct 12, 2019

--

Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.

--

Rohit kumar

ByPassing fix of Domain Blocking feature in Business Manager

A few months back I reported this vulnerability Demoted business admin could apply blocklist to all ad accounts and FB rewarded me 500$…

1 min readAug 15, 2019

--

ByPassing fix of Domain Blocking feature in Business Manager

--

Rohit kumar

Business user Employees can add/edit/change or apply block list to a business account.

During BountyCon 2019 in Singapore, after getting multiple NA & Informative reports i reported this vulnerability which was valid.

4 min readJun 17, 2019

--

Business user Employees can add/edit/change or apply block list to a business account.

--

Rohit kumar

Rohit kumar

✌ Hacking & Security, Programming / Technology - Not all superheroes wear capes, some just push code to Github.

Following

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams