Second Order XXE Exploitation

2022-10-19 :: Kuldeep Pandya
#XXE  #LFI 
A writeup about my finding on Synack that was an XXE that allowed me to read local files stored on the web server.
Read more →

NoSQL Injection in Plain Sight

2022-04-04 :: Kuldeep Pandya
#NoSQL 
A writeup about a recent NoSQL injection I found in Synack Red Team
Read more →

Path Traversal Paradise

2022-01-23 :: Kuldeep Pandya
#LFI  #PathTraversal 
A writeup about the path traversals that I found in Synack Red Team
Read more →

120 Days of High Frequency Hunting

2022-01-15 :: Kuldeep Pandya
#SQLi  #LFI  #XSS  #SSRF  #IDOR  #ACPV  #PathTraversal 
A writeup about my journey to find 120 bugs in 120 days
Read more →

Prove Yourself as 1337 Null Ahmedabad

2022-01-15 :: Kuldeep Pandya
#  # 
A short writeup on the ‘Prove Yourself as 1337’ challenge at Null Ahmedabad CTF
Read more →