Sublist3r is a Python tool designed to enumerate the subdomains of websites through OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.
SQL Injection On MEGA.NZ
While checking Detectify Lab, I came across an XSS vulnerability on MEGA.CO.NZ which was found by Frans Rosen, so I thought of doing some tests on MEGA, but I ended with none. I didn’t give up! After a while I thought of scanning and looking into the subdomains of both mega.nz and mega.co.nz and found an eye-catching subdomain.
How I Hacked Your Hostgator Account
Hostgator is one of the biggest hosting service providers in the world, but it still had a critical issue which let us hack into any Hostgator account with just a click, i.e., CSRF.
WhatsApp Vulnerability: Bypassing WhatsApp Subscription Payment
ProtonMail Vulnerability: Bypassing Invitation
Since ProtonMail doesn’t allow direct signup, they only accept users through an invitation.
I had also signed up for ProtonMail to see the UI and all the things and got their invitation. I checked for some vulnerabilities and couldn’t find anything from the inside. Then I suddenly went through the invitation link with which I was registered.