Hack Ethicaly, Hunt Bugs
Critical IDOR Vulnerability in Webhook Deletion – A Real-World Exploitation Guide When testing web applications, one of the most common but high-impact issues I encounter is Insecure Direct Object Reference … Read More
About Me Hey! I’m Satyam Pawale, known as @hackersatty in the bug bounty and ethical hacking world. I started bug hunting in 2024, and ever since, I’ve been obsessed with … Read More
About Me I’m Satyam Pawale, better known in the bug bounty world as @hackersatty. I started my bug hunting journey in 2024, and since then, I’ve been deeply passionate about … Read More
About Me I’m Satyam Pawale, better known in the bug bounty world as @hackersatty. As a dedicated security researcher, I specialize in uncovering complex misconfigurations and information disclosures—especially in web … Read More
About Me I’m Satyam Pawale, better known in the bug bounty world as @hackersatty. As a dedicated security researcher, I specialize in uncovering complex misconfigurations and information disclosures—especially in web … Read More
About Me I’m Satyam Pawale, better known in the bug bounty world as @hackersatty. Over the years, I’ve honed my skills in uncovering critical vulnerabilities—ranging from API misconfigurations to directory-service … Read More
By Satyam Pawale (@hackersatty) About Me Google Dorks Bug bounty is one of the most underrated skills in bug bounty hunting, yet it can lead to discovering high-severity and real-world … Read More
Satyam Pawale (@hackersatty) Introduction If you’re a bug bounty hunter, JavaScript js files should be your best friends. They’re often overlooked but loaded with critical clues like hidden API endpoints, … Read More
By Satyam Pawale (@hackersatty) About Me IDOR Vulnerability Hello all! My name is Satyam Pawale, or simply @hackersatty within the bug bounty space. I started my cybersecurity journey in … Read More
Web applications often rely on API endpoints to manage critical functionalities, but when these endpoints lack proper security controls, they can lead to severe data breaches or disruptions. In this report, I detail a critical vulnerability I discovered in the shipment management module of a logistics platform, where a public API endpoint allowed unauthenticated deletion of shipment records. This issue posed a high-impact threat to business continuity and data integrity.