Gaurav Popalghat
Security Consultant
AWS Cognito Misconfigurations: The Silent Killer of Your Cloud Security

Why Do Organizations Prefer AWS Cognito and What Is It? Amazon Cognito is a tool that provides authentication, authorization, and user management services for both web and mobile applications. It supports sign-in with various providers such as Facebook, Google, or Apple. The tool has two main components: user pools and identity pools, which can…
How I was able to inject XSS payload into any user’s mailbox

Hello guys, first of all, thanks for giving lots of love to my first writeup! If you haven’t read my first writeup yet, take a look here. Let’s get started without wasting any time! So basically this is something which I found last year; while doing recon I found the email of the admin and then I…
API Misconfiguration which leads to unauthorized access to servicedesk tickets

Hello guys, hope you are doing well in bug bounty. Every common bug is getting duplicated, so I thought to share one of my unique findings. As the site name is not allowed to be disclosed, we will consider it as redacted.com. However, it's my first writeup, so ignore the mistakes, and sorry for the bad English! Without wasting time, let’s…