May 2, 2021Exploiting DOS Vulnerability in Smart ContractsHere we are using Damn Vulnerable DeFi is an Ethereum smart contract wargame developed by @tinchoabbate from OpenZeppelin for Testing Purpose. Prerequisite: Smart Contracts and How it works ? Understanding the code written in Solidity https://learnxinyminutes.com/docs/solidity/ Smart contract Deployment and Testing What are FlashLoans? 🙄 Understand DOS vulnerability in Smart…2 min read2 min read
Feb 5, 2021Part 1 : Hunting Vulnerabilities in Smart contractsPart 1 : Hunting Vulnerabilities in Smart contracts Independent Information Security Consultant focusing on security assessments (applications, infrastructures and smart contracts) Previously worked as bug bounty hunter with Multiple organizations like Microsoft (MSRC), Google, Zoho etc here is my personal portfolio https://www.ad3sh.com So first how smart contracts works ? 🤔 …Smart Contracts2 min readSmart Contracts2 min read
Jan 21, 2020Cross Site Request Forgery vulnerability Leads to User Profile Change in Microsoft Express LogicBasic Cross Site Request Forgery CSRF (Cross site request forgery) is the vulnerability that tricks the user to submit the malicious request if there is no implementation of the Anti-CSRF tokens in the forms or site. When implemented your website https://example.com will include a random generated number or token to…2 min read2 min read
Oct 2, 2019How I made 1000$ with AT&T Bug Bounty(H1)Hello, Guys, I m back with a new Story on bug bounty, I found this bug last year on AT&T bug bounty program (Now its H1 Program), thought of sharing it So here I would like to share how I got 1000$ for reporting CSRF vulnerability in AT&T which…Security3 min readSecurity3 min read
Aug 3, 2019University of Oxford web Portal Vulnerability -Host header PoisoningHi Guyz found a very common Vulnerability in oxford’s web portal Disclosed report - Vulnerability Found: Host Header Poisoning Description : Modifying the Host header in Mavenlink’s password reset functionality would inject an attacker’s link into the password reset email. …Security2 min readSecurity2 min read
Jul 26, 2019Full Account Takeover via Changing Email And Password of any User through API ParametersI’m going to talk about a common and strange password reset system that I have seen many times in Bug Hunting and in many VAPT projects. and in many cases this system opens the door to attacker to hack user’s accounts. The story started when I…Security2 min readSecurity2 min read
Oct 12, 2018Microsoft CSRF VulnerabilityI am Adesh Nandkishor Kolte an Independent Security Resercher From India and also working with SecureLayer7 as a Security Consultant Talking about Microsoft bug bounty first point they only accept submission which is high impact. Big `NO` to low hanging fruits and big `NO` if you can not exploit the…Security2 min readSecurity2 min read
Aug 24, 2018SQL Injection Vulnerability In University Of CambridgeSQL Injection Vulnerability In University Of Cambridge Hello Introduction Of Author: I am Adesh Nandkishor Kolte ,An Independent Security Resercher From India Found a SQL Injection Vulnerability in University Of Cambridge This is the most prevalent and most dangerous of web application vulnerabilities. Having this SQLi vulnerability in the application…Programming4 min readProgramming4 min read
Jun 7, 2018How I found XSS via SSRF vulnerability -Adesh KolteHello This is Adesh Nandkishor Kolte First Read This Articles How i converted SSRF TO XSS in jira. I m very much into Bug Bounty and i spend my whole day doing this finding new and interesting stuff and kept on…medium.com Piercing the Veil: Server Side Request Forgery to NIPRNet access During my reconnaissance of military websites as part of the Department of Defense’s vulnerability disclosure, I…medium.comSecurity2 min readSecurity2 min read
Jun 1, 2018How I Earned $750 Bounty Reward From AT&T bug Bounty -Adesh KolteHello Guyz This Is Adesh Nandkishor Kolte An Independent Security Resercher From India AT&T Bug Bounty Board has authorized a payout of $750.00 for Me in recognition of on one or more report submissions that AT&T have remediated during 1Q18.. AT&T Inc. is an American multinational conglomerate holding company headquartered…Security3 min readSecurity3 min read
