bug hunting

From Git Folder Disclosure to Remote Code Execution

From Unvalidated Redirect and Parameter Tampering to Account Takeover

How I accidentally found Bug in Google Search Console

XSS to Account Takeover - Bypassing CSRF Header Protection and HTTPOnly Cookie

Exploiting Cookie Based XSS by Finding RCE

AWS Metadata Disclosure via "Hardcoded Host" Download Function

Reflected XSS on Error Page

How I Found Multiple Vulnerabilities on AntiHack.Me