Powerful $1000 Bug Bounty Guide: Discover Hidden Endpoints in JavaScript JS Files

By Satyam Pawale (@hackersatty). Introduction: If you’re a bug bounty hunter, JavaScript JS files should be your best friends. They’re often overlooked but loaded with critical clues like hidden API endpoints, …

IDOR Vulnerability Exploited: 2025 Bug Bounty Case Study on Broken Access Control & Privilege Escalation

By Satyam Pawale (@hackersatty). About Me. IDOR Vulnerability. Hello all! My name is Satyam Pawale, or simply @hackersatty within the bug bounty space. I started my cybersecurity journey in …

Critical Security Vulnerability: Unauthenticated Access to /shipments/deleted 1 Endpoint Allows Irreversible Data Deletion

Web applications often rely on API endpoints to manage critical functionalities, but when these endpoints lack proper security controls, they can lead to severe data breaches or disruptions. In this report, I detail a critical vulnerability I discovered in the shipment management module of a logistics platform, where a public API endpoint allowed unauthenticated deletion of shipment records. This issue posed a high-impact threat to business continuity and data integrity.

$200 XSS Exploit: Bypass Cloudflare Using Waybackurls – A Complete Guide for Bug Hunters

By Satyam Pawale (@hackersatty). About Me. Hi! I’m Satyam Pawale (@hackersatty), a passionate bug bounty hunter. In this article, I’ll take you through one of my real-world XSS vulnerability discoveries …

Privilege Escalation in GraphQL – 1 Shocking Real-World Bug Bounty Exploit

GraphQL is an awesome query language for APIs, letting you grab exactly the data you need. But without tight security, its flexibility can backfire. During a test, I found a flaw in a GraphQL endpoint (think sample paths like /graphql or /graphql.json). A user with a “finance” role token could tweak requests to sneak into admin-level data—yikes! The server skipped privilege checks, opening the door to unauthorized access. Hackersatty is here to break it down!

JavaScript Analysis for Bug Bounty: 3 Step Guide to Find Critical Web Vulnerabilities

JavaScript Analysis is a powerful method for uncovering hidden vulnerabilities during bug bounty hunting. I’m Satyam Pawale, known as @hackersatty in the bug bounty community. Through advanced JS file inspection, I discovered a critical security flaw in a subdomain—without needing login access. Whether you’re a beginner or experienced hunter, this guide will teach you how to perform actionable JavaScript reconnaissance that uncovers high-impact vulnerabilities.

© 2025 Hacker Satty - Ethical Hacking & Bug Bounty
