rahul@noob ~ % cat disclosures/*.md
Rahul Maini
Infosec writeups — field notes from finding and escalating real bugs in the wild.
▚ Case index
8 entries · newest first-
Apple Travel Portal RCE
CASE · Jan 2021·Apple Travel Portal ·joint research w/ Harshlinks out ↗ -
Demystifying the Server-Side 2020
CASE · Sep 2020·Ekoparty · Hacktivity · NoNameCon ·1 min readSep 02, 2020 -
Spilling Local Files via XXE when HTTP OOB fails
CASE · Dec 2019·JBoss / REST API ·6 min readDec 07, 2019 -
Exploiting a Tricky Blind SQL Injection inside Limit Clause
CASE · Jul 2019·MySQL LIMIT clause ·4 min readJul 21, 2019 -
H1-5411 CTF
CASE · Sep 2018·HackerOne live CTF ·solved w/ Harshlinks out ↗ -
Escalating Low Severity Bugs To High Severity
CASE · Jul 2018·Multiple targets ·6 min readJul 20, 2018 -
Local File Read via XSS in Dynamically Generated PDF
CASE · Nov 2017·PDF generator ·3 min readNov 08, 2017 -
Story of a Parameter Specific XSS
CASE · Sep 2017·Web app ·2 min readSep 19, 2017