Rahul Maini's blog

Apple Travel Portal RCE

I and Harsh discovered a 0-day RCE and exploited it against Apple's Travel portal. You'll be redirected to Github for this joint blog post in 5 seconds.

Server Side

Demystifying the Server-Side 2020

I, Harsh and Rajanish conducted a workshop at Ekoparty, HacktivityConf & NoNameCon 2020. Below are the links to the slides and video of the same :) We received really good feedback for the content presented and hope you enjoy it as well. Slides - https://docs.google.com/presentation/d/1dYmdqZh-8JJ-FV20dtAz4VTLshDNBIhpGvfr4xv0OiA

xxe

Spilling Local Files via XXE when HTTP OOB fails

Today I will be sharing a very interesting technique of exploiting an XXE which was discovered from what I know by https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ and later researched on it by GoSecure Team. The scenario was reading out Local Files on the server when HTTP Out of Band was

SQLi

Exploiting a Tricky Blind SQL Injection inside Limit Clause

Hey! Everyone I know its been a long time Since I last posted an article. so Today I am writing about a tricky SQL Injection that I was able to exploit in a private program. It was an in-scope subdomain which I got by using passive recon and the technology

CTF

H1-5411 CTF

Harsh and I solved very interesting H1-5411 CTF. You'll be redirected in 5 seconds!

XSS

Escalating Low Severity Bugs To High Severity

This time I am gonna share about some ways that I have learned & applied while participating in bounty programs and was able to escalate Low severity issues to higher severity. Let's Go To the Technical details straight: Note: You might also be able to use Window Object instead of

Local File Read

Local File Read via XSS in Dynamically Generated PDF

Hello Hunters, This time I am writing about a Vulnerability found in another private program(xyz.com) on Bugcrowd which at first I thought wasn't much impactful (P4) but later escalated it to a P1. While browsing the Application I came across an endpoint which allowed us to download some

XSS

Story of a Parameter Specific XSS

Hello Infosec folks! So I am going to start writing posts related to my bug hunting findings and share it with the community starting with this post. This post is about a Reflected XSS I found in a Private Program which has been previously tested many times. This XSS was