Breaking the Doors: Paypal 2-Factor Bypass

Two-factor authentication is an extra layer of security for your Paypal Account designed to ensure that you’re the only person who can access your account, even if someone knows your password.
Read more →

404 Not Found: Vulnerability Disclosure in the Philippines

We could have avoided Biggest Data Breaches in the Country if there is a platform or channel where Security Researchers can report Vulnerabilities, frankly we don’t have one.
Read more →

CVE-2020-12832

WordPress Plugin Simple File List is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.
Read more →

Non-Verified User can Submit Report,View Disclosed Reports | Secuna bug bounty

I was able to find a bug that lets me submit report,edit profile and view disclosed reports in secuna while using a rejected or non-verified account.
Read more →

Exposed S3 Credentials of QuadX

I found a exposed sensitive credential in the website and was able to access the Amazon S3 Bucket of Paylink, One of the digital platforms of QuadX. This allowed me to retrieve, upload and remove all files in the S3 Bucket.
Read more →