Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2ndHi All!, Yuuppp…It’s me again! XD. As the title suggests, I will share how I found the [Insecure Direct Object Reference] vulnerability in…Nov 10, 20221Nov 10, 20221
Google VRP — [Insecure Direct Object Reference] $3133.70Hi All!!!, Yes… it’s me. As usual I want to give a story about how I find IDOR [Insecure Direct Object Reference] vulnerability on one of…Oct 20, 20224Oct 20, 20224
From Stack Trace Laravel Leads to Privilege Escalation [Admin]Hi!, In this Article I will only tell a little about the findings that I think are interesting to be used as stories on my medium.com xDJul 20, 20223Jul 20, 20223
How I Get Pre-Auth Remote Code Execution (CVE-2021–42237) on One of the Vendors.Hi!!!, In this Article I would like to tell you a little about how I accidentally discovered the “Pre-Auth Remote Code Execution…Jul 6, 20221Jul 6, 20221
The Journey to get “SQL Injection” at BluePay (BLUE Indonesia BluePay) — 2019Hello, In this article i want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay), I found this vulnerability…Apr 9, 20221Apr 9, 20221
How I Get ZeroDay Attack UFU leads to RCE on one of the Vendors.Hello, In this I want to tell you a little about how I accidentally discovered the Unrestricted File Upload attack leads to Remote…Jan 18, 2022Jan 18, 2022
SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL InjectionHello, here I just want to tell about my experience finding a real IP using CloudFlare through “SSRF External Interaction” and getting a…Aug 27, 2021Aug 27, 2021
Bypass WAF 500 Unauthorized Access! to Reflected XSS (Cross Site Scripting)- Developer BCAHello, here I just want to share my experience regarding finding the XSS (Cross site scripting) bug at one of the banks in Indonesia…Mar 1, 2021Mar 1, 2021
Found a simple “Price Parameter Tampering” on IT Bootcamp (Indonesia)Hello, here I just want to give a little story about the finding of the bug “Price Parameter Tampering” on one of the IT Bootcamp websites…Dec 6, 2020Dec 6, 2020
![Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd](https://miro.medium.com/v2/resize:fill:160:106/1*CMbFeH9r1ArMVBGHQ-ykzw.jpeg)
![Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd](https://miro.medium.com/v2/resize:fill:320:214/1*CMbFeH9r1ArMVBGHQ-ykzw.jpeg)
![From Stack Trace Laravel Leads to Privilege Escalation [Admin]](https://miro.medium.com/v2/resize:fill:160:106/1*8gvERFVuXWGrVjQ4vSSCdg.png)
![From Stack Trace Laravel Leads to Privilege Escalation [Admin]](https://miro.medium.com/v2/resize:fill:320:214/1*8gvERFVuXWGrVjQ4vSSCdg.png)
