Hello People….

After a long time, there is one interesting bug I have found in Grofers using a simple Shodan search. The vulnerability could have allowed an attacker to access the internal API monitoring dashboard of Grofers. This is my 2nd report to Grofers Security team.

I will give small brief info who don’t know about shodan!

Shodan, a search engine for all ports within the internet, can help enterprises identify and lock down security vulnerabilities Shodan is the search engine for everything on the internet.

Exploit Scenario:

Always my bug bounty journey I will start with shodan search or…

Hello Everyone!

This write-up about Dunzo Sensitive Information Disclosure Vulnerability.

The vulnerability could have allowed an attacker to access the internal monitoring dashboard of Dunzo.

Coming to the first part…

Subdomain Enumeration:

I started with subdomain enumeration. For subdomain enumeration, I used crt.sh.

what is crt.sh:

It’s a web interface. that lets you search for certs that have been logged by CT.

In this case, I got only a few subdomains. So I manually checked each subdomain. If you found a large number of subdomains you can use the Httpx tool from project discovery.


One of those domains able to access the internal dashboard without…

Hello Everyone….
I hope you all are doing well. This write-up about Flipkart Cross-Site -Scripting Vulnerability.

If you are into InfoSec or dev you guys are already heard about the Cross-Site-Scripting vulnerability. One of the vulnerabilities in OWASP TOP 10. For those who don’t know about XSS, I will give small info.

XSS(cross-site scripting)
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. …

Bigbasket Bug Bounty

Hello Everyone!

This is my first write-up.

I am Lohith Gowda M (Security Engineer). Due to covid-19, most of the employees got the work from home option. It helped me to learn something new in Bug Bounty. I started my bug bounty journey in June 2020.

Working as a Security Engineer and part-time Bug Bounty is a great way to learn something new in this field, and we can also implement it in our daily working life.

I thank my team (Vishva, Harish) and Hacktify Cybersecurity for their support and guidance.

This write-up about Big Basket Insecure Data Storage Vulnerability

Coming to…

Lohith Gowda M

Senior Security Engineer @Airmeet

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store