Mega.nz Vulnerability: Payment Bypass on Mega Business
As a Bug Bounty Hunter, I love to update myself about my favorite program from time to time. I still remember Mega recently launched ‘Mega Business’, a business-focused service that costs around 10 EUR per user/month.
Dynamic Execution : ASP.NET with Bootstrap
We are very thankful to that ‘YouTube Video’ which made our module leader ‘Dhurba Sir’ emotional and forced him to extend our assignment deadline by 7 days. But still we were lazy asses who started the assignment just two days before our assignment submission (yesterday, 26th April, 2017).
2016 – Year in Review
2016 : what a roller coaster ride of a year !
Infox – App that lets you find Student Info.
I was going through some Google+ posts at my previous office (eSewa), as Facebook was restricted during office hours, when suddenly I came across a post. It was a cartoon post of people at the beach, like girls, boys, men, women and children, enjoying the sunshine and playing at the beach.
My Small Effort for these Beautiful Children
Recently, I visited my birthplace, Phulbari, which is in Taplejung district. It’s a beautiful place which comes after traveling through many beautiful places like Illam, Phidim and Taplejung.
You are Love
While many of us look for love from a partner and mate, we often miss out on the person who has some amazing love to give, and who is amazing: the person looking back at us from the mirror.
GoPro Ride : To Lakeside, Pokhara
I am a big fan of GoPro. I love this device and it’s so amazing to see how people are using this device to capture the best moments of their lives.
Beauty of Sign Language
It feels so amazing when you are able to understand the beautiful signs made by those beautiful & cute people to express their voice to the world. What makes you feel even better is when you are the interpreter for them to the world.
eSewa – Technology Review ( College Assignment 2014 )
I remember back in the days of the Introduction to Information Technology module we did an assignment on a technology review of any technical product, so I did it on eSewa. Even though all I got was a B grade for this assignment, I would still love to share my report, as it might be useful for other students who might be looking for a sample or for a review report for their project.
Mega Vulnerability: SQL Injection On MEGA.NZ
While checking Detectify Lab, I came across an XSS vulnerability on MEGA.CO.NZ which was found by Frans Rosen, so I thought of doing some tests on MEGA, but I ended up with none. I didn’t give up! After a while I thought of scanning & looking into the sub-domains of both mega.nz and mega.co.nz and found an eye-catching sub-domain.
How I Hacked Your Hostgator Account
Hostgator is one of the biggest hosting service providers in the world, but it still had a critical issue which let us hack into any Hostgator account with just a click, i.e., CSRF.
How I Hacked Your Bluegape Account
So, while signing up on the website through social media (Facebook), I found that a lot of requests were being made on the site regarding the registered user from Facebook, like names, profile link, fb profile image, username, password, accessToken, gender, email etc.
So just for fun I changed all the info to Mark Zuckerberg’s information and it was all accepted. Then I went to the site and saw that the username field was disabled and I was unable to change it, so I went back to the request and changed the username to “zuck” and, boom, it worked. Then I saw there was another parameter, _id, but it was encrypted, so I just created another account, got its id, replaced the info, and I was able to take over another account.
Bypassing WhatsApp Subscription Payment
We all know about it, WhatsApp is an instant messaging app for smartphones. WhatsApp Messenger is a cross-platform mobile messaging app which allows you to exchange messages without having to pay for SMS.
27 Things To Do Before You Settle Down
Life is always more beautiful than you have ever thought. Life is all about creating & living yourself. You can say life is freedom. You are the king of your own. Do whatever you like and go wherever you want.
Life is always beautiful, but still there are some major turning points at which you have to move accordingly. Still, BuzzFeed has made a video with a list of the things which you should do before you settle down. And settling down is a life-changing process for a human being. 😀
ProtonMail Vulnerability : Bypassing Invitation
ProtonMail is a secure encrypted email provider, which runs a “zero access” PGP mail service based in Switzerland.
ProtonMail doesn’t allow direct signup, and they only accept users through an invitation.
I had also signed up for ProtonMail to see the UI and all the things & got their invitation. I checked for some vulnerabilities and couldn’t find anything from the inside. Then I suddenly went through the invitation link with which I was registered.
In Search of The Most Dangerous Town On the Internet
Love Has No Labels
Multiple Signup with Single Email Address
Nepali Typing – Not A Big Deal
Experience worth more than Marks & Grade !