Hackersatty – Learn Ethical Hacking, Bug Bounty, and Cybersecurity Tips
Hack Ethicaly, Hunt Bugs
About Me I’m Satyam Pawale, better known in the bug bounty world as @hackersatty. Over the years, I’ve honed my skills in uncovering critical vulnerabilities—ranging from API misconfigurations to directory-service … Read More
Web applications often rely on API endpoints to manage critical functionalities, but when these endpoints lack proper security controls, they can lead to severe data breaches or disruptions. In this report, I detail a critical vulnerability I discovered in the shipment management module of a logistics platform, where a public API endpoint allowed unauthenticated deletion of shipment records. This issue posed a high-impact threat to business continuity and data integrity.
By Satyam Pawale (@hackersatty) About Me Hi! I’m Satyam Pawale (@hackersatty), a passionate bug bounty hunter. In this article, I’ll take you through one of my real-world XSS vulnerability discoveries … Read More
GraphQL is an awesome query language for APIs, letting you grab exactly the data you need. But without tight security, its flexibility can backfire. During a test, I found a flaw in a GraphQL endpoint (think sample paths like /graphql or /graphql.json). A user with a “finance” role token could tweak requests to sneak into admin-level data—yikes! The server skipped privilege checks, opening the door to unauthorized access. Hackersatty is here to break it down!