Critical Security Vulnerability: Unauthenticated Access to /shipments/deleted 1 Endpoint Allows Irreversible Data Deletion

Web applications often rely on API endpoints to manage critical functionalities, but when these endpoints lack proper security controls, they can lead to severe data breaches or disruptions. In this report, I detail a critical vulnerability I discovered in the shipment management module of a logistics platform, where a public API endpoint allowed unauthenticated deletion of shipment records. This issue posed a high-impact threat to business continuity and data integrity.

$200 XSS Exploit: Bypass Cloudflare Using Waybackurls – A Complete Guide for Bug Hunters

By Satyam Pawale (@hackersatty)

About Me

Hi! I’m Satyam Pawale (@hackersatty), a passionate bug bounty hunter. In this article, I’ll take you through one of my real-world XSS vulnerability discoveries …

Privilege Escalation in GraphQL – 1 Shocking Real-World Bug Bounty Exploit

GraphQL is an awesome query language for APIs, letting you grab exactly the data you need. But without tight security, its flexibility can backfire. During a test, I found a flaw in a GraphQL endpoint (think sample paths like /graphql or /graphql.json). A user with a “finance” role token could tweak requests to sneak into admin-level data—yikes! The server skipped privilege checks, opening the door to unauthorized access. Hackersatty is here to break it down!

© 2025 Hacker Satty - Ethical Hacking & Bug Bounty
