Hi All!!!, Yes… it’s me. As usual I want to give a story about how I find IDOR [Insecure Direct Object Reference] vulnerability on one of Google’s subdomains (https://datastudio.google.com/) Description Google Data Studio is a tools for displaying data to make it easier to read. So, you can determine a website…

Hi!, In this Article I will only tell a little about the findings that I think are interesting to be used as stories on my medium.com xD Note : I found this attack on one of the Vendors and of course I will censor :) Description Stack Trace Laravel : For…

Hi!!!, In this Article I would like to tell you a little about how I accidentally discovered the “Pre-Auth Remote Code Execution (CVE-2021–42237)” Attack on one of the Vendors affected by this attack. Note : I will Censor any Vendor affected by this attack. Description Sitecore XP 7.5 Initial Release to…

Hello, In this article i want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay), I found this vulnerability in 2019 when I was still a Vocational High School and this machine was very popular in my school, and that’s when I tried do Pentest on this…

Hello, In this article I want to tell you a little about how I accidentally discovered the Unrestricted File Upload attack leads to Remote Code Execution on one of the vendors affected by this attack… Little Story Previously, I really didn’t know that those affected by the vulnerability that I found were…

Hello, here I just want to tell about my experience finding a real IP using CloudFlare through “SSRF External Interaction” and getting a form login for Admin and there is a SQL Injection bug. Little Story Previously I had also found SQLi vulnerabilities on this website but this time it felt a…

Hello, here I just want to share my experience regarding finding the XSS (Cross site scripting) bug at one of the banks in Indonesia, namely BCA (Bank Central Asia). Little Story I previously got this URL from 17 May 2019 and it comes from an email from Bank BCA, namely “Developer BCA”

Hello, here I just want to give a little story about the finding of the bug “Price Parameter Tampering” on one of the IT Bootcamp websites in Indonesia. Summary The Parameter tampering attack relies on the manipulation of parameters changed by the user so as to change application information like user…

Bismillah. Assalamualaikum wr wb, teman teman ^-^)/ Disini saya hanya ingin membagikan pengalaman Berburu Bug saya pada salah satu website Pembayaran Digital Indonesia, Sebelumnya terima kasih banyak kepada pak Zul Amri yang sudah memforward Laporan saya ke Team dari website tersebut. Tentang Full Path Disclosure : Kerentanan Full Path Disclosure (FPD)…