As a bug bounty hunter, I love to update myself about my favorite program from time to time. I still remember Mega has recently launched ‘Mega Business’, business-focused services that cost around 10 EUR per user/month.
SQL Injection On MEGA.NZ
While checking Detectify Lab, I came across an XSS vulnerability on MEGA.CO.NZ which was found by Frans Rosen, so I thought of doing some tests on MEGA, but I ended up with none. I didn’t give up! After a while I thought of scanning and looking into the subdomains of both mega.nz and mega.co.nz, and found an eye-catching subdomain.
How I Hacked Your Hostgator Account
Hostgator is one of the biggest hosting service providers in the world, but it still had some critical issues which let us hack into any Hostgator account with just a click, i.e., CSRF.
Bypassing WhatsApp Subscription Payment
We all know about it, WhatsApp is an instant messaging app for smartphones. WhatsApp Messenger is a cross-platform mobile messaging app which allows you to exchange messages without having to pay for SMS.
ProtonMail Vulnerability : Bypassing Invitation
ProtonMail is a secure encrypted email provider, which runs a “zero access” PGP mail service based in Switzerland.
ProtonMail doesn’t allow direct signup; they only accept users through an invitation.
I had also signed up for ProtonMail to see the UI and all the things, and got their invitation. I checked for some vulnerabilities and couldn’t find anything from the inside. Then I suddenly went through the invitation link with which I was registered.