Advisory: Update your Gcash App now to the latest version. Disclaimer: The purpose of this research is to improve and strengthen security all issues discovered in this research are reported to the security team. The researcher is not affiliated with any hacking groups. The researcher didn’t include the sensitive data…

Disclaimer: The purpose of this research is to improve and strengthen security all issues discovered in this research are reported to the security team. The researcher is not affiliated with any hacking groups. The researcher didn’t include the sensitive data in this write-up to reduce expose to the vulnerability. …

In this write-up, I’ll tell you how I was able to launch Arbitrary URLs to the internal web of the shopping application. Description Due to the lack of URLs Sanitization that passes through activities, It’s possible to launch Arbitrary URLs to the internal web of the shopping application using a crafted…

In this write-up, I’ll tell you how I was able to Exfiltrate Database and Sandbox Files on End-to-End Encrypted Messaging Application. Description End-to-End Messaging application there are several places where the application use URI returned from a GET_CONTENT, PICK, etc. intent. Due to the lack of URI returned sanitizing an attacker/malicious…

Disclaimer: The purpose of this research is to improve and strengthen security all issues discovered in this research are reported to the security team. The researcher is not affiliated with any hacking groups. The researcher didn’t include the sensitive data in this write-up to reduce exposure to the vulnerability. …

Disclaimer: The purpose of this research is to improve and strengthen security all issues discovered in this research are reported to the security team. The researcher is not affiliated with any hacking groups. The researcher didn’t include the sensitive data in this write-up to reduce exposure to the vulnerability. …

While finding a facebook vulnerability I visited this interesting link with a back uri parameter endpoint So I view the source code and read it. After reading it i found out the url endpoint in the source code does not passing by linkshim, so by adding

While browsing and finding facebook vulnerability I accidentally found this facebook push notification link when I visited the facebook link something strange the whole facebook page has blank, there’s nothing here hmm so I view the source code and read it to analyze Snippet JavaScript Code

While using opera browser for android I noticed something strange the address bar in opera browser replaced by the reader mode and the web title added. I know that I can trigger the xss in reader mode but i dont know where so this my conclusion visit the website with…