Hello Friends, Welcome back, This time i would be talking about a Bug which i found in Apple’s acquisition Beats by Dr dre. It was 2015 and i was trying to fiddle with Apple related Web applications and found Beats by Dr. Dre website. In this article, i would like to emphasis on the CSRF… Read More How i Hacked your Beats account ? Apple Bug Bounty
Hello Guys, It’s me Aaditya Purani, So today i am writing one of the Most Anticipated topic and hottest one known as SSRF (Server Side Request Forgeries ). SSRF is something you find rarely in day to day Web applications. So there are lesser POC’s available online. So what about coding One? Yes. Cool enough… Read More Exploiting the SSRF (Remote SSRF)
Hey, I am Aaditya Purani (@aaditya_purani), so many of my friends experienced issues that they get error while installing qtox when they use command. It is a case study + solution . sudo apt-get install apt-transport-https and you will get E: Unable to locate package apt-transport-https The first traditional way is to look in /etc/apt/sources.list… Read More E: The method driver /usr/lib/apt/methods/https could not be found Solution
Hello, I got Acknowledged by PasswordBoss for reporting them correct security issues and Hall of fame was given as token of appreciation. “The easiest to use password manager and password safe. Password Boss puts you in charge of your online security. Always safe with bank-grade security.” Here is Hof link : https://www.passwordboss.com/security/report-an-issue/ Thank you… Read More Acknowledged by PasswordBoss
Hello, I am Aaditya Purani, and before a month i found out a Persistant XSS issue on Intel, but Intel has some different Responsible policy, they don’t allow Researchers to do pen-testing without their permission else they might take actions. So i contacted them and ask for permission which they agreed and in few days… Read More Acknowledged by Intel (Certificate)
Hello, I am Aaditya Purani, and today i will teach you Input variables using `Read` in Shell Scripting. I have also made a video as usual for you guys, which is at bottom of the article 🙂 So, This command takes the input and will save it into a variable. read var1 Code: #!/bin/sh… Read More Shell Scripting Tutorial – 2
Hello, I am writing a post after a long time, because a company who stands within Alexa Rank 100 asked me how to patch site from Click- Jacking Vulnerability. I am really enthusiast in Server Side flaws which results to affect Users. I almost never look for Click-Jacking in my Bug-Hunt (1% of my total… Read More Protecting your Site From Click Jacking
One of the most amazing security encounter i faced in my throughout career was of the Hall of Fame by Get Pocket. A quite unexpected Hall Of Fame. I usually wrote less about bug story and more about vulnerabilities in my previous posts. But today, i am going to explain a case about how i… Read More Acknowledged by Pocket ( Hall Of Fame)
Hello, I am today sharing one of my 0 days with you all. The vulnerability was XSS (Cross site scripting ) Via Image Javascript Injection. This is a creative way for XSS Injection. Read my advisory below and also a video too Document Title: =============== XSS on Twitch TV- 0day Vulnerability Authors ============ Aaditya Purani… Read More XSS on Twitch TV- 0day Vulnerability ( By Aaditya Purani)
Hello, I got Acknowledged by Fluxiom for reporting them Critical security vulnerability which lead to a account takeover. I got appreciated by their security engineer and a place in their security hall of fame was given. “Fluxiom offers seamless online file management in the cloud. Keep your files private, share them with a select audience… Read More Acknowledged by Fluxiom
Aaditya Purani - Hacker 