sushantdhopat
Account Takeover: Exploiting Insecure Password Reset Logic for $3000
We were hunting one of the private programs on HackerOne. The scope of this program was limited to a single domain, which was hosting an…
Nov 4

sushantdhopat
Exploiting Exposed Zendesk API Token for Full Support Desk Access for $1000
Investigating GitHub leaks, we were hunting on a private program on HackerOne.
Nov 4

sushantdhopat
Coveo Access Token Leak in JavaScript File Leading to API Token Creation for $1500
We were doing recon on a Bugcrowd public program and attempting to find information disclosure in JavaScript files. We grepped all…
Nov 4