Detectify Crowdsource is not your average bug bounty platform. It’s an invite-only community of the best ethical hackers who are passionate about securing modern technologies ...

Who is Krishnadev P Melevila?

Burp-suite Collaborator

Hello everyone, this is my first post. I’ve been thinking about writing about my findings for a while, so here we go.

A collection of small XSS payloads

I have found vulnerability which allows attacker to generate steam wallet balance.

Firstly you will have to change yours steam account email to something like (I will explain why in next steps,...

We have determined that through a chain of 3 vulnerabilities, it is possible for any U4B user to apply credit card charges or holds to any business using the Vouchers site. These charges originate...

If you are a bug bounty hunter or security researcher, you must be familiar with a technique called Fuzzing. In case you just newly…

rConfig 3.9.6 chained exploits

In this write up I am going to describe the path I walked through the bug hunting from the beginner level. This write-up is purely for new…

Many people who are starting to work with the Android OS are having difficulties to understand the application sandbox concept. This…

On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the…

GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code. CodeQL is known as a tool to inspect open source repositories, however its usage is not limited just to it. In this article…

Continuing from his previous post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera's Bug Bounty Programme: a Remote Code Execution in Opera's My Flow Feature. What follows is his write-up and experience.

Assalamualaikum, wr,wb ,

In previous post, we discussed about how to setup a Recon Machine on VPS and how to use Screen to maintain your recon process even after…

The Peloton Bike ran an unpatched version of Android 7 which led to it being vulnerable to a number of known issues, most significantly CVE-2021-0326, which could allow an attacker within WiFi range to execute arbitrary code on the device with no user interaction.

Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide.

Get all the writeups from Day 1 to 21, Click Here Or Click Here.