bug hunting From Git Folder Disclosure to Remote Code Execution From Unvalidated Redirect and Parameter Tampering to Account Takeover How I accidentally found Bug in Google Search Console XSS to Account Takeover - Bypassing CSRF Header Protection and HTTPOnly Cookie Exploiting Cookie Based XSS by Finding RCE AWS Metadata Disclosure via "Hardcoded Host" Download Function Reflected XSS on Error Page How I Found Multiple Vulnerabilities on AntiHack.Me