The Art Of Zendesk Hijacking

The Art Of Zendesk Hijacking

Back in July 2023, I was testing a HackerOne Private Program [ let’s call this target ] and this target scope was pretty limited. The scope was – The subdomain looks interesting and I quickly used to look for any beta or dev environment for this admin subdomain using the query […]

IDOR Leads To Leak Any Uber Eats Restaurant Analytics

Hi fellow Hackers,At first Ramadan Kareem! Wishing everyone a very happy Ramadan. Today I will write about an Insecure direct object references (IDOR) vulnerability that I recently discovered in Uber Eats Restaurant. The Uber Eats Restaurant web application at is using GraphQL. Back in March, I was doing a collaboration on a Uber report […]

Vine User’s Private information disclosure

What is Vine? Vine was an American social networking short-form video hosting service where users could share six or seven second-long, looping video clips. It was founded in June 2012; American microblogging website Twitter acquired it in October 2012, well before its official release on January 24, 2013. Today I will write about a Critical […]

External link warning page bypass in Zerocopter

Description: is a bug bounty platform for Ethical hackers just like Hackerone. In Zerocopter reports, users can use Markdown. Users are also allowed to give external links in reports. If a user clicks on the External link in reports then it takes the user to an external warning page like the below screenshot But I […]