Some time ago, I joined a bug bounty program of a household name brand, who shall remain anonymous throughout this article. This write-up documents a journey of finding and exploiting SQL injection in some unexpected places. To get started, I randomly chose one of the 47 domains which were in scope and decided to perform […]
Author Archives Raghav Bisht
Pentest Diaries: Negative Transfers and Android eWallets don’t Mix
eWallets, or digital wallets are becoming evermore popular. Most Android eWallets are apps that allow a user to make electronic transactions, including purchasing items online or in-person. Some services even allow an individual’s bank account to be linked to the service. Naturally, breaking the security of such a system is not only interesting, but potentially, […]