RAHUL MAINI · offensive security
rahul@noob ~ % cat disclosures/*.md

Rahul Maini

Infosec writeups — field notes from finding and escalating real bugs in the wild.

8disclosures
2017–2021archive
httpvoid ↗current research

Case index

8 entries · newest first
  1. RCE Critical

    Apple Travel Portal RCE

    CASE · Jan 2021·Apple Travel Portal ·joint research w/ Harsh
    links out ↗
  2. Server-Side Talk

    Demystifying the Server-Side 2020

    CASE · Sep 2020·Ekoparty · Hacktivity · NoNameCon ·1 min read
    Sep 02, 2020
  3. XXE High

    Spilling Local Files via XXE when HTTP OOB fails

    CASE · Dec 2019·JBoss / REST API ·6 min read
    Dec 07, 2019
  4. SQLi High

    Exploiting a Tricky Blind SQL Injection inside Limit Clause

    CASE · Jul 2019·MySQL LIMIT clause ·4 min read
    Jul 21, 2019
  5. CTF CTF

    H1-5411 CTF

    CASE · Sep 2018·HackerOne live CTF ·solved w/ Harsh
    links out ↗
  6. XSS Medium

    Escalating Low Severity Bugs To High Severity

    CASE · Jul 2018·Multiple targets ·6 min read
    Jul 20, 2018
  7. LFR High

    Local File Read via XSS in Dynamically Generated PDF

    CASE · Nov 2017·PDF generator ·3 min read
    Nov 08, 2017
  8. XSS Low

    Story of a Parameter Specific XSS

    CASE · Sep 2017·Web app ·2 min read
    Sep 19, 2017