Posts

Featured

Payment receipt disclosure (Instamojo)

Hello, my fellow readers. So while searching for bounty programs I came across Instamojo (it is a payment portal in India). At first I thought, why not give it a try and let's see if I can find something interesting. But the best part of this is that I found it in the first step, i.e. recon. So I started with some Google-fu (dorking, and that's where I got my alias). After a few dorks I came across a PDF which is actually a book sold by "I*** Foundation", and the crawler found it. So this is the URL:

https://www.instamojo.com/payment/status/MOJO5b*********/?token=<token here>&expired=true

So only the rightful owner, who bought this book, can view the receipt. I looked to see if I could bypass it, and then my view shifted to the "expired=true" parameter. After I changed "true" to "false", I was in and could view the receipt.

Payment ID MOJO5b0********* Paid to I**** Foundation Paid on Nov 09, 2015 at 9:52am ............

Latest posts

AT&T infinite loop redirection vulnerability

Drugs.com Open redirect

swfupload XSF/XSS in one of the Google acquisitions

ESET TYPO3 CMS Host Header vulnerability

First bounty by Malwarebytes (HTTP to HTTPS redirection)

How I managed to buy a Burp Suite license for the desired price

Sony infinite loop vulnerability leads to DoS

Weak RC4 cipher suite usage

Localhost disclosure (spreaker.com)

Story of a Bug Hunter (My Life)