Rohit kumar – Medium

Rohit kumar

Detecting, Fixing, and Defending Against XXE Attacks in Python and Java

Introduction:

Jun 16, 2023

Detecting, Fixing, and Defending Against XXE Attacks in Python and Java

Jun 16, 2023

How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide

Introduction:

Jun 11, 2023

How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide

Jun 11, 2023

CSRF from which we can create a support ticket in Victim’s Account (500$)

Complete Details ===

May 20, 2021

CSRF from which we can create a support ticket in Victim’s Account (500$)

May 20, 2021

Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device…

Complete Details === During my investigation, I found that a user’s DTSG token can be exposed to a third-party application because of a…

May 20, 2021

Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device…

May 20, 2021

Page shops with a hidden Product in “Featured product section” which could be controlled by…

Product Area

Aug 31, 2020

Page shops with a hidden Product in “Featured product section” which could be controlled by…

Aug 31, 2020

[IDOR] Delete saved credit cards from any Business Manager Account.

Business manager is having an option to add and manage credit cards. However, this functionality is limited to authorized “Admins” of that…

Jun 5, 2020

[IDOR] Delete saved credit cards from any Business Manager Account.

Jun 5, 2020

Private Dashboards were accessible by other Admins in Analytics Dashboard

Private dashboards can be accessed by other Admins, which leads to sensitive data exposure.

May 2, 2020

Private Dashboards were accessible by other Admins in Analytics Dashboard

May 2, 2020

Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.

Again this will be a copy/paste of my whole report nothing fancy gifs and memes in this report 😐

Oct 12, 2019

Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.

Oct 12, 2019

ByPassing fix of Domain Blocking feature in Business Manager

A few months back I reported this vulnerability Demoted business admin could apply blocklist to all ad accounts and FB rewarded me 500$…

Aug 15, 2019

ByPassing fix of Domain Blocking feature in Business Manager

Aug 15, 2019

Business user Employees can add/edit/change or apply block list to a business account.

During BountyCon 2019 in Singapore, after getting multiple NA & Informative reports i reported this vulnerability which was valid.

Jun 17, 2019

Business user Employees can add/edit/change or apply block list to a business account.

Jun 17, 2019

Rohit kumar

Rohit kumar

✌ Hacking & Security, Programming / Technology - Not all superheroes wear capes, some just push code to Github.

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams