Published inInfoSec Write-ups·Jul 4Exploiting Non-Cloud SSRF for More Fun & ProfitHi Everyone, This is Basavaraj, Back again with another SSRF Writeup :) You can check my older writeups here https://basu-banakar.medium.com/ Let's jump in directly, while hunting on some random target in my spare time, I came across one subdomain where we can see the reports related to the company and…Cybersecurity4 min readCybersecurity4 min read
Published inInfoSec Write-ups·Feb 12SSRF That Allowed Us to Access Whole Infra Web Services and Many MoreHi this is Basavaraj back again with another writeup on SSRF. This Writeup/Report/Bug will collaborated with my dost i.e Lohith Gowda What is SSRF? SSRF stands for Server-Side Request Forgery, which is a type of security vulnerability that allows an attacker to send unauthorized requests from a vulnerable server to…Hacker5 min readHacker5 min read
Feb 7Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRPHi everyone Myself Basavaraj Banakar . Without wasting time we will jump in to the matter. Issue Background : Google Meet is a popular video conferencing tool used by many organizations for virtual meetings and online collaboration. However, a recent vulnerability has been discovered by me that allows unauthorized individuals…Google3 min readGoogle3 min read
Published inInfoSec Write-ups·Nov 22, 2022SSRF via DNS Rebinding (CVE-2022–4096)Hello everyone myself Basavaraj , Today in this writeup I will explain about my 2nd CVE i.e CVE-2022–4096 Let’s get started SSRF using DNS rebinding found in Appsmith . FYI : Appsmith is used to Build, ship, and maintain internal tools. Initially I discovered the 2 SSRF’s in appsmith by…Ssrf3 min readSsrf3 min read
Dec 3, 2021SSRF Internal resource accessing & Bypassing Filter (CTF)Hello Everyone, Hope you are doing well. Myself Basavaraj here are my old blogs or writeups if you wanna check those click here Today I am gonna show how an Server side request forgery vulnerability allows to access internal resources . Before starting I will share some resources which I…Cybersecurity3 min readCybersecurity3 min read
Jul 3, 2021An Unexpected Account TakeoverHii Everyone, Hope everyone doing well. Myself Basavaraj, I am back again with My 3rd writeup, May be from this writeup you will learn something new or never neglect to check everything on a target. Lets Start, I thought to hack on a public program i.e old(around 3000+ bugs reported)…Hacking3 min readHacking3 min read
Published inInfoSec Write-ups·Jun 16, 2021Story of Google Hall of Fame and Private program bounty worth $$$$Hello Infosec Community myself Basavaraj, this my 2nd writeup, the first one is about Hacking scammers(click here to read), I seen many people getting hall of fames and bounties from google vrp , I thought why should I give a try and successfully got 4 duplicate(and any beginners reading this…Hacker4 min readHacker4 min read
Dec 9, 2020How I Hacked Scammers with whole windows server takeover by RDPHii InfoSec and non InfoSec Community Welcome To my first article about how i hacked scammers(Who makes fruad things online i.e Ripping of money), scamming online with their fake websites, Myself an BugBounty Hunter and CTF player and Ethical Hacker(Not certified yet)…. As Usual Morning when i wake up i…Hacker4 min readHacker4 min read
