Documented vulnerabilities discovered through ethical research and bug hunting.
Discovered a Server-Side Request Forgery that allowed internal IP probing, metadata endpoint access, and exposure of internal cloud infrastructure through manipulated request parameters.
↗ Read Full Write-Up

Identified a price manipulation vulnerability in an e-commerce application where the backend blindly trusted client-side request values, allowing attackers to modify product prices before checkout.
↗ Read Full Write-Up

Found a Punycode-based vulnerability that can lead to a serious 0-click Account Takeover when applications blindly trust user-controlled input. No interaction from the victim required.
↗ Read Full Write-Up