In InfoSec Write-ups, by YoungVanda · Sep 24, 2024
Going Crazy with Farming VDPs: Extplorer Admin Panel Bypass & Remote Code Execution (RCE)
Hi guys, I’m YoungVanda and in this write-up, I’ll talk about a very simple CVE which led to over +20 high-critical vulnerabilities …

In InfoSec Write-ups, by YoungVanda · Jan 29, 2024
Meteor Subdomain Takeover
In this write-up I’m gonna talk about Meteor Subdomain Takeover. From a simple recon to one of the trickiest exploitations of my life 😉

In InfoSec Write-ups, by YoungVanda · Sep 26, 2023
The Art of Monitoring Bug Bounty Programs
What would’ve happened if you were the first hunter working on a target? Or if you could possibly see every single change of the programs?

In InfoSec Write-ups, by YoungVanda · Jul 29, 2023
Swagger XSS Mass Hunting
Hi guys, in this write-up, I’m gonna explain my own approach towards Swagger XSS and why I don’t use the Nuclei template (…

In InfoSec Write-ups, by YoungVanda · May 18, 2023
My Second VDP Bug Went Critical: Grafana Admin Panel Bypass
Hi guys, in this write-up I wanna talk about my own methodology for finding Grafana admin panel and how I was able to get full access.