Hello People…. After a long time, there is one interesting bug I have found in Grofers using a simple Shodan search. The vulnerability could have allowed an attacker to access the internal API monitoring dashboard of Grofers. This is my 2nd report to Grofers Security team. I will give small…

Hello Everyone! This write-up about Dunzo Sensitive Information Disclosure Vulnerability. The vulnerability could have allowed an attacker to access the internal monitoring dashboard of Dunzo. Coming to the first part… Subdomain Enumeration: I started with subdomain enumeration. For subdomain enumeration, I used crt.sh. what is crt.sh: It’s a web interface. that lets you search for…

Hello Everyone…. I hope you all are doing well. This write-up about Flipkart Cross-Site -Scripting Vulnerability. If you are into InfoSec or dev you guys are already heard about the Cross-Site-Scripting vulnerability. One of the vulnerabilities in OWASP TOP 10. For those who don’t know about XSS, I will give small…

Hello Everyone! This is my first write-up. I am Lohith Gowda M (Security Engineer). Due to covid-19, most of the employees got the work from home option. It helped me to learn something new in Bug Bounty. I started my bug bounty journey in June 2020. Working as a Security Engineer and…