Yasho in InfoSec Write-ups
RCE on a Laravel Private Program
The recent Laravel CVE enables remote attackers to exploit an RCE flaw in websites using Laravel. I’ve read the article about the…
3 min read · Feb 20, 2021

Yasho in InfoSec Write-ups
Taking down the SSO, Account Takeover in 3 websites of Kolesa due to Insecure JSONP Call
Hello, this post is about how I could take-over any account of Kolesa’s websites using Single Sign-On. There was an insecure JSONP call…
4 min read · Sep 28, 2020

Yasho in InfoSec Write-ups
Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text
This post is about how I and my friend got roughly 2500$ from Cafebazaar bug bounty program.
4 min read · Jul 2, 2020

Yasho in InfoSec Write-ups
Broken Authentication in Mobile Application
A few months ago I had a penetration test project of a mobile application. I found an interesting vulnerability which made me capable of…
2 min read · Apr 16, 2020

Yasho in InfoSec Write-ups
ASIS CTF — ShareL Walkthrough
Hello, The reader of this walkthrough should know these topics:
7 min read · Nov 18, 2019

Yasho in InfoSec Write-ups
ASIS CTF — Protected Area 1 & 2 Walkthrough
Hello, The reader of this walkthrough should know these topics:
5 min read · Nov 17, 2019

Yasho in InfoSec Write-ups
1-Click Account Takeover in Virgool.io — a Nice Case Study
Hello, Virgool is a light, Iranian version of medium.com, recently I found 1-click account takeover vulnerability in their product.
5 min read · Jun 27, 2019

Yasho in InfoSec Write-ups
Digging Android Applications — Part 1 — Drozer + Burp
Hello, in this post I’m going to solve the first section of Andrill:
4 min read · Jun 7, 2019

Yasho in InfoSec Write-ups
Android Hook — ASIS CTF Final 2018 — Gunshops Question Walkthrough
The participants were given an APK named GunShop.apk. Opening the APK in Android showed a login page. We went on analyzing the application.
7 min read · Nov 26, 2018

Yasho in InfoSec Write-ups
NodeJS SSRF by Design Flaw — ASIS Final 2018 — SSLVPN Challenge Walkthrough
The participants were given a URL, opening the URL led to a login page. The main idea of the challenge was exploiting an SSRF…
5 min read · Nov 26, 2018