Caesar Evan Santoso | Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd | Hi All!, Yuuppp… It’s me again! XD. As the title suggests, I will share how I found the [Insecure Direct Object Reference] vulnerability in… | Nov 10, 2022
Caesar Evan Santoso | Google VRP — [Insecure Direct Object Reference] $3133.70 | Hi All!!!, Yes… it’s me. As usual I want to give a story about how I find IDOR [Insecure Direct Object Reference] vulnerability on one of… | Oct 20, 2022
Caesar Evan Santoso | From Stack Trace Laravel Leads to Privilege Escalation [Admin] | Hi!, In this Article I will only tell a little about the findings that I think are interesting to be used as stories on my medium.com xD | Jul 20, 2022
Caesar Evan Santoso | How I Get Pre-Auth Remote Code Execution (CVE-2021-42237) on One of the Vendors. | Hi!!!, In this Article I would like to tell you a little about how I accidentally discovered the “Pre-Auth Remote Code Execution… | Jul 6, 2022
Caesar Evan Santoso | The Journey to get “SQL Injection” at BluePay (BLUE Indonesia BluePay) — 2019 | Hello, In this article I want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay), I found this vulnerability… | Apr 9, 2022
Caesar Evan Santoso | How I Get ZeroDay Attack UFU leads to RCE on one of the Vendors. | Hello, In this I want to tell you a little about how I accidentally discovered the Unrestricted File Upload attack leads to Remote… | Jan 18, 2022
Caesar Evan Santoso | SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection | Hello, here I just want to tell about my experience finding a real IP using CloudFlare through “SSRF External Interaction” and getting a… | Aug 27, 2021
Caesar Evan Santoso | Bypass WAF 500 Unauthorized Access! to Reflected XSS (Cross Site Scripting) - Developer BCA | Hello, here I just want to share my experience regarding finding the XSS (Cross site scripting) bug at one of the banks in Indonesia… | Mar 1, 2021
Caesar Evan Santoso | Found a simple “Price Parameter Tampering” on IT Bootcamp (Indonesia) | Hello, here I just want to give a little story about the finding of the bug “Price Parameter Tampering” on one of the IT Bootcamp websites… | Dec 6, 2020
Caesar Evan Santoso | Full Path Disclosure at Digital Payments Indonesia | A story by Caesar Evan Santoso. | Oct 2, 2020