Caesar Evan Santoso | Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd | Hi All!, Yuuppp…It’s me again! XD. As the title suggests, I will share how I found the [Insecure Direct Object Reference] vulnerability in… | 3 min read · Nov 10, 2022
Caesar Evan Santoso | Google VRP — [Insecure Direct Object Reference] $3133.70 | Hi All!!!, Yes… it’s me. As usual I want to give a story about how I find IDOR [Insecure Direct Object Reference] vulnerability on one of… | 4 min read · Oct 20, 2022
Caesar Evan Santoso | From Stack Trace Laravel Leads to Privilege Escalation [Admin] | Hi!, In this Article I will only tell a little about the findings that I think are interesting to be used as stories on my medium.com xD | 4 min read · Jul 20, 2022
Caesar Evan Santoso | How I Get Pre-Auth Remote Code Execution (CVE-2021-42237) on One of the Vendors. | Hi!!!, In this Article I would like to tell you a little about how I accidentally discovered the “Pre-Auth Remote Code Execution… | 4 min read · Jul 6, 2022
Caesar Evan Santoso | The Journey to get “SQL Injection” at BluePay (BLUE Indonesia BluePay) — 2019 | Hello, In this article I want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay), I found this vulnerability… | 3 min read · Apr 9, 2022
Caesar Evan Santoso | How I Get ZeroDay Attack UFU leads to RCE on one of the Vendors. | Hello, In this I want to tell you a little about how I accidentally discovered the Unrestricted File Upload attack leads to Remote… | 4 min read · Jan 18, 2022
Caesar Evan Santoso | SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection | Hello, here I just want to tell about my experience finding a real IP using CloudFlare through “SSRF External Interaction” and getting a… | 4 min read · Aug 27, 2021
Caesar Evan Santoso | Bypass WAF 500 Unauthorized Access! to Reflected XSS (Cross Site Scripting)- Developer BCA | Hello, here I just want to share my experience regarding finding the XSS (Cross site scripting) bug at one of the banks in Indonesia… | 3 min read · Mar 1, 2021
Caesar Evan Santoso | Found a simple “Price Parameter Tampering” on IT Bootcamp (Indonesia) | Hello, here I just want to give a little story about the finding of the bug “Price Parameter Tampering” on one of the IT Bootcamp websites… | 3 min read · Dec 6, 2020
Caesar Evan Santoso | Full Path Disclosure at Digital Payments Indonesia | Story of Caesar Evan Santoso. | 3 min read · Oct 2, 2020