As a Bug Bounty Hunter, I love to keep updated about my favorite program from time to time. I still remember Mega recently launched ‘Mega Business’, a business-focused service which costs around 10 EUR per user/month.
SQL Injection On MEGA.NZ
While checking Detectify Lab, I came across an XSS vulnerability on MEGA.CO.NZ which was found by Frans Rosen, so I thought of doing some tests on MEGA, but I ended up with none. I didn’t give up! After a while I thought of scanning and looking into the subdomains of both mega.nz and mega.co.nz and found an eye-catching subdomain.
How I Hacked Your Hostgator Account
Hostgator is one of the biggest hosting service providers in the world, but it still had a critical issue which let us hack into any Hostgator account with just a click, i.e., CSRF.
Bypassing WhatsApp Subscription Payment
ProtonMail Vulnerability : Bypassing Invitation
Since ProtonMail doesn’t allow direct signup, they only accept users through invitation.
I had also signed up for ProtonMail to see the UI and all the things, and got their invitation. I checked for some vulnerabilities and couldn’t find anything from the inside. Then I suddenly went through the invitation link with which I was registered.