- How '111111' Unlocked the Admin Panel — A Real Bug Hunting Story
  Have you ever tried something so simple during testing that it felt almost too silly to work? Well, I did. And it unlocked the admin panel. Let me explain. The Setup I was testing the login flow of a web application. It used an OTP-based authentication system—nothing unusual. You enter...
- Duplicate CSRF Leads to Account Takeover
  Introduction Hey everyone, Bhavesh aka Shellbreaker here! Cybersecurity is my passion—both in my role as a security engineer and during late-night bug bounty sessions. Join me as I uncover vulnerabilities and explore the wild world of cybersecurity, one loophole at a time. What is CSRF? Cross-Site Request Forgery (CSRF) is...