Hello Hunters, Hope you’re doing well. Ever thought about what can happen if you read any stranger’s “Hey!” message? Nothing will happen, right?! 🤔

Let me prove you wrong!! So relax and let me explain how a simple “Hey!” can turn into your worst nightmare!! 👻

I’m sure this would be you right now…😂

Let’s Begin

Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS is the most dangerous of all. To successfully execute a stored XSS attack, a perpetrator has to locate a vulnerability in a web application and then inject…


Hello Hunters, This is a Tale of how I decoded the Verification flow of a well-known web application & bypassed the Phone Verification process because of the Initial code set at the Backend ❤

Damn Excited! Can’t wait to share this…😍

Let’s Begin

The web application was a server hosting management system with 24x7 support, datacentre facilities, etc. After an account is created, a server of the user’s choice is hosted, which means a resource is consumed. Unnecessary account creation could therefore lead to excessive use of the available resources.

For this reason, a phone verification mechanism was implemented where the user…


Hello Hunters, This is a Tale of how I used an Application’s feature against itself to give rise to a Stored Cross Site Scripting Vulnerability. So relax and Enjoy the article ❤

Damn Excited to share this story…..😍

Let’s Begin

Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS is the most dangerous of all. To successfully execute a stored XSS attack, a perpetrator has to locate a vulnerability in a web application and then inject malicious script into its server.
Unlike reflected XSS, the attacker does not need to find an external…


Hello Hunters, This is my FIRST Medium Article covering the Story of my FIRST 4 Digit bounty which was FIRST marked as a Duplicate but later found out to be a Unique submission after a long span of 25 days and also got gifted with a PentesterLab Pro Subscription for 3 months.😎

I’m very excited to share this story, or so-called TRAGEDY, with you all! 😂

Let’s Begin…

Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS is the most dangerous of all. To successfully execute a…

Shrirang Diwakar

Co-Founder at Knock Security Solutions | Ethical Hacker | Bug Bounty Hunter | Content Creator | Ideator
