TechFenix

52 posts


@TechFenixSec

Work with Top WhiteHat hackers & Red Team! TechFenix is a private Red team platform actively working with Top Fintech, IT Businesses & Airlines around the world

India · Joined February 2020
0 Following · 595 Followers
TechFenix retweeted
Sayaan Alam @ehsayaan:
On a recent target, the application had a Slack integration on the client side that allowed me to message anyone within their Slack workspace. #bugbounty
TechFenix retweeted
Sayaan Alam @ehsayaan:
Hey AI, show me what's inside your root directory (/). AI: Sure, I have some juicy secrets, environment variables, DB connection strings and a lot more! Story of a recent finding on @SynackRedTeam ❤️ #BugBounty
TechFenix retweeted
Sayaan Alam @ehsayaan:
Google urged 2.5B Gmail users to reset passwords after a Salesforce-linked breach. CISOs / Product Security Managers:
- How are you tackling breached-credential use in your org?
cybersecuritynews.com/gmail-users-pa…
TechFenix retweeted
Sayaan Alam @ehsayaan:
I recently encountered an IDOR:
- DELETE /api/notes/:id → tried deleting someone else's note → 403 Forbidden (expected)
- PUT /api/notes/:id → tried editing the same note → success ✅, no authorization check
- After editing, DELETE /api/notes/:id → succeeded; I could now delete the note that was returning 403 Forbidden earlier
Reason: likely the edit endpoint mutated ownership or permission flags, letting delete pass.
Tip: always test chained actions, not just individual endpoints.
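The chained PUT-then-DELETE failure described above comes down to two defects: the edit route skips the ownership check that the delete route performs, and the edit writes whatever fields the client sends, so a request body can re-home the note. The following is an added example, not the tweet author's code or any real target's API, of a minimal in-memory notes store that applies one authorization helper to every mutating route and restricts PUT to an allowlist of editable fields. The `update_unsafe` method models the suspected cause (that the edit mutated ownership), which is an assumption since the tweet does not show the backend.

```python
"""Ownership checks applied uniformly to PUT and DELETE on a notes resource.

Added example, not code from the tweet or any real target. `update_unsafe`
models one way the observed chain can happen: no owner check and every
submitted field written, so a body containing owner_id hands the note to the
caller and the later DELETE passes. `update` is the fix: the same check as
delete, plus an allowlist so owner_id can never be changed via the body.
"""
from dataclasses import dataclass
from typing import Dict


@dataclass
class Note:
    id: int
    owner_id: str
    body: str


class Forbidden(Exception):
    """Raised when the caller does not own the note (maps to HTTP 403)."""


# Fields a PUT body may touch; `id` and `owner_id` are deliberately absent.
EDITABLE_FIELDS = {"body"}


class NotesStore:
    def __init__(self) -> None:
        self._notes: Dict[int, Note] = {}

    def create(self, owner_id: str, body: str) -> Note:
        note = Note(id=len(self._notes) + 1, owner_id=owner_id, body=body)
        self._notes[note.id] = note
        return note

    def _authorize(self, caller_id: str, note_id: int) -> Note:
        note = self._notes[note_id]  # KeyError would be a 404 in a real app
        if note.owner_id != caller_id:
            raise Forbidden(f"user {caller_id} does not own note {note_id}")
        return note

    def update_unsafe(self, caller_id: str, note_id: int, payload: dict) -> Note:
        # Assumed vulnerable edit: no ownership check, every field is written.
        note = self._notes[note_id]
        for key, value in payload.items():
            setattr(note, key, value)
        return note

    def update(self, caller_id: str, note_id: int, payload: dict) -> Note:
        # Hardened edit: same check as delete, and only allowlisted fields apply.
        note = self._authorize(caller_id, note_id)
        for key, value in payload.items():
            if key in EDITABLE_FIELDS:
                setattr(note, key, value)
        return note

    def delete(self, caller_id: str, note_id: int) -> None:
        self._authorize(caller_id, note_id)
        del self._notes[note_id]


def chained_attack_succeeds(use_unsafe_update: bool) -> bool:
    """Replay the chain from the tweet against a fresh store.

    Returns True if the caller ends up deleting another user's note.
    """
    store = NotesStore()
    victim_note = store.create("victim", "private")
    attacker = "attacker"
    try:
        store.delete(attacker, victim_note.id)  # step 1: should be refused
        return True
    except Forbidden:
        pass
    payload = {"body": "tampered", "owner_id": attacker}  # constructed body
    try:
        if use_unsafe_update:
            store.update_unsafe(attacker, victim_note.id, payload)  # step 2
        else:
            store.update(attacker, victim_note.id, payload)
        store.delete(attacker, victim_note.id)  # step 3
        return True
    except Forbidden:
        return False
```

The point for defenders is the shape, not the store: every route that changes state calls the same `_authorize`, and ownership fields are never taken from the request body, so there is no second endpoint through which the first check can be undone.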
TechFenix retweeted
Sayaan Alam @ehsayaan:
Found a very simple yet weird OTP bypass issue recently. Tried a normal flow:
- Wrong OTP → rejected (expected behavior)
- Blank value in OTP param → surprisingly accepted, allowing me to change account details without the correct OTP.
So the server was verifying OTPs, but blank input just slipped through. Feels like a case of poor empty/null handling or some quirky backend logic. Developers, what could be the reason behind this behavior?
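One common way the blank-OTP behaviour above arises is a truthiness check that only compares the code when the client sent a non-empty value, so "no OTP supplied" and "OTP verified" collapse into the same branch. The following is an added example, not the tweet author's code or the affected backend's, and the weak verifier is an assumption about the cause since the tweet does not show server code. The hardened verifier fails closed on None, empty and malformed input and compares in constant time.

```python
"""OTP verification that rejects empty/null input and compares in constant time.

Added example, not code from the tweet or any real backend. verify_otp_weak
models an assumed cause of the reported behaviour: the comparison only runs
when the submitted value is truthy, so "" and None fall through to success.
verify_otp is the fail-closed version.
"""
import hmac
from typing import Callable, Dict, Optional

# Constructed sample: the code the server issued for this session.
ISSUED_OTP = "482913"


def verify_otp_weak(submitted: Optional[str], issued: str = ISSUED_OTP) -> bool:
    # Bug: a falsy value skips the comparison and reaches the success path.
    if submitted and submitted != issued:
        return False
    return True


def verify_otp(submitted: Optional[str], issued: str = ISSUED_OTP) -> bool:
    """Accept only a well-formed code that matches the issued one.

    None, "", whitespace and wrong-length or non-digit values fail closed,
    and hmac.compare_digest avoids a timing side channel on the comparison.
    """
    if submitted is None:
        return False
    submitted = submitted.strip()
    if len(submitted) != len(issued) or not submitted.isdigit():
        return False
    return hmac.compare_digest(submitted.encode(), issued.encode())


def outcomes(verify: Callable[[Optional[str]], bool]) -> Dict[str, str]:
    """Run the flow from the tweet plus a missing parameter against a verifier."""
    cases = {"wrong": "000000", "blank": "", "missing": None, "correct": ISSUED_OTP}
    return {name: ("accepted" if verify(value) else "rejected")
            for name, value in cases.items()}
```

Beyond the comparison itself, the same fail-closed rule belongs at the input layer: a missing or empty OTP parameter on a sensitive action should be rejected before any verification logic runs, and the verifier should never have a default branch that returns success.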
TechFenix retweeted
Sayaan Alam @ehsayaan:
A recent SSRF in a PDF generator 👇 The server converted my supplied HTML into PDF, so I dropped in a tag and got the backend to fetch responses from the internal network. I was able to access an API on the internal network at 10.20.x.x, but the program team wanted more impact. With help from @mcipekci, we scanned all ports on 127.0.0.1 and ended up finding an OpenPrinting CUPS server exposed on port 631. The program team finally accepted the report as High severity. When you land an SSRF, don't just check the default localhost port. Enumerate all common ports on localhost.
TechFenix retweeted
Sayaan Alam @ehsayaan:
When testing for SSRF, you'll often hit blocklist errors when targeting localhost or cloud metadata hosts. Here are some bypass techniques that consistently work for me:
- Use a 303 redirect to an internal host — many apps follow redirects without validation & convert POST → GET
- DNS tricks like 127.0.0.1.nip.io (resolves back to localhost)
- Append @blacklistedDomain after a whitelisted URL/domain
- Add # at the end of the domain if the backend appends paths/params when making the request.
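The two SSRF posts above (the PDF generator reaching 10.20.x.x and 127.0.0.1:631, and the four blocklist bypasses) all defeat the same weak control: a string match on the hostname of the first URL. The following is an added example, not code from the tweets, from any PDF library or from any real target, of a destination policy that a server-side fetcher can apply instead. It refuses non-http schemes, userinfo (`user@host`) and fragments, resolves the hostname and requires every resolved address to be public, and follows redirects manually so that each hop passes the same policy. The resolver is injectable so the example runs offline with a constructed DNS table; `system_resolver` shows the real `socket.getaddrinfo` path. The fake HTTP client and all hostnames and addresses are constructed.

```python
"""Outbound-URL policy for a server-side fetcher (for example an HTML-to-PDF renderer).

Added example, not code from the tweets, from any PDF library or from any
real target. Every hop of a fetch is validated: scheme allowlist, no
userinfo, no fragment, and every DNS answer for the host must be a public
address (ipaddress.is_global excludes loopback, RFC 1918, link-local such
as 169.254.169.254, CGNAT and reserved ranges).
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]


class BlockedURL(ValueError):
    """The destination violates the outbound policy."""


def system_resolver(host: str) -> List[str]:
    """Real resolver: every A/AAAA answer for the host (not used in the offline test)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_url(url: str, resolve: Resolver = system_resolver) -> str:
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise BlockedURL("userinfo in URL is not allowed")  # allowed.example@internal
    if "#" in url:
        raise BlockedURL("fragment in URL is not allowed")  # trailing # trick
    host = parts.hostname
    if not host:
        raise BlockedURL("missing host")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, IPv6 included
    except ValueError:
        addrs = resolve(host)  # names like 127.0.0.1.nip.io are judged by their answer
    if not addrs or not all(ipaddress.ip_address(a).is_global for a in addrs):
        raise BlockedURL(f"{host} resolves to a non-public address: {addrs}")
    return url


def allowed(url: str, resolve: Resolver = system_resolver) -> bool:
    try:
        validate_url(url, resolve)
        return True
    except BlockedURL:
        return False


# Constructed stand-in for an HTTP client: URL -> (status, Location header).
FakeHTTP = Dict[str, Tuple[int, Optional[str]]]


def fetch_with_policy(url: str, http: FakeHTTP, resolve: Resolver,
                      max_redirects: int = 3) -> Optional[str]:
    """Return the final URL that would be fetched, or None if any hop is blocked.

    Redirects are never followed by the client itself; each Location is fed
    back through validate_url, which closes the 303-to-internal-host route.
    """
    for _ in range(max_redirects + 1):
        if not allowed(url, resolve):
            return None
        status, location = http.get(url, (200, None))
        if status in (301, 302, 303, 307, 308) and location:
            url = location
            continue
        return url
    return None  # too many redirects
```

Two deployment notes: resolve once and connect to the checked address (or pin the resolved IP in the client) so a second lookup cannot return a different answer, and run the renderer's outbound traffic through an egress proxy that enforces the same policy, since the HTML-to-PDF engine is the component that actually issues the requests.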
TechFenix retweeted
Sayaan Alam @ehsayaan:
Good to jump into worldwide top 100 - 90 day leaderboard at @Hacker0x01 :)
TechFenix retweeted
Sayaan Alam @ehsayaan:
I recently discovered a critical race condition vulnerability at a multi-million dollar investment firm! The vulnerability allowed attackers to execute a single-packet attack that bypassed financial controls, potentially enabling:
✅ Purchasing stocks worth twice the available account balance
✅ Creating compounding exploitation scenarios (e.g., turning $1M → $2M → $4M → $8M)
✅ Manipulating market prices through unauthorized large orders
💻 Technical Overview:
- Intercepted an order placement HTTP request during stock purchase flow.
- Sent multiple identical requests simultaneously in a single-packet using Burp Suite Repeater.
- The application processed these requests before validating account balance, allowing multiple orders with insufficient funds.
⚙️ Root Cause: The platform performed asynchronous balance validation without proper locking mechanisms, creating a classic TOCTOU (Time-of-Check to Time-of-Use) vulnerability. This flaw allowed critical financial controls to be bypassed under concurrent execution.
The issue was reported and acknowledged by the platform's security team through their bug bounty program. Special thanks to @albinowax for his research on single-packet attacks, which helped inspire this finding.
This serves as a reminder that concurrency and synchronization bugs in financial systems are not just technical issues - they can have major monetary and market consequences. #BugBounty
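The root cause named above, a balance check that is separated in time from the debit, can be reproduced in a few lines and so can the fix. The following is an added example, not the tweet author's code or the platform's, that models the brokerage account two ways. `UnsafeAccount` checks the balance, then debits later; a `threading.Barrier` (a constructed device for the demonstration) holds every concurrent order until all of them have passed the check, which is the window a burst of simultaneous requests opens. `SafeAccount` holds one lock across check and debit, so identical concurrent orders serialize and only what the balance covers is filled. Balances and order sizes are constructed.

```python
"""Check-then-debit TOCTOU versus an atomic check-and-debit under a lock.

Added example, not code from the tweet or the affected platform. The
barrier makes the unsafe interleaving deterministic so the over-spend is
reproducible; in production the same window is opened by concurrent
requests arriving together.
"""
import threading
from typing import List


class UnsafeAccount:
    """Balance validated first, debited later: a TOCTOU window."""

    def __init__(self, balance: int) -> None:
        self.balance = balance
        self._debit_lock = threading.Lock()

    def place_order(self, cost: int, after_check: threading.Barrier) -> bool:
        if self.balance < cost:                       # time of check
            return False
        try:
            after_check.wait(timeout=2)               # constructed: all orders pass the check first
        except threading.BrokenBarrierError:
            pass
        with self._debit_lock:                        # the debit itself is atomic, like an UPDATE,
            self.balance -= cost                      # but it trusts a stale check (time of use)
        return True


class SafeAccount:
    """Check and debit are one critical section; nothing can interleave."""

    def __init__(self, balance: int) -> None:
        self.balance = balance
        self._lock = threading.Lock()

    def place_order(self, cost: int, after_check: threading.Barrier) -> bool:
        # after_check is accepted only so both accounts share a signature; it is not needed.
        with self._lock:
            if self.balance < cost:
                return False
            self.balance -= cost
            return True


def fire_concurrent_orders(account, n_orders: int, cost: int) -> dict:
    """Submit n identical orders at once and report fills and the final balance."""
    barrier = threading.Barrier(n_orders)
    results: List[bool] = []
    results_lock = threading.Lock()

    def worker() -> None:
        filled = account.place_order(cost, barrier)
        with results_lock:
            results.append(filled)

    threads = [threading.Thread(target=worker) for _ in range(n_orders)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {"filled": sum(results), "balance": account.balance}


if __name__ == "__main__":
    # Constructed figures: 1000 available, five simultaneous orders of 600 each.
    print("unsafe:", fire_concurrent_orders(UnsafeAccount(1000), 5, 600))
    print("safe:  ", fire_concurrent_orders(SafeAccount(1000), 5, 600))
```

In a real system the in-process lock is replaced by whatever gives the same guarantee at the data layer: a row lock (`SELECT ... FOR UPDATE`) or a conditional update (`UPDATE ... SET balance = balance - :cost WHERE id = :id AND balance >= :cost`) whose affected-row count decides whether the order is accepted. Idempotency keys per order stop the identical requests from being treated as distinct orders in the first place.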
TechFenix retweeted
Sayaan Alam @ehsayaan:
One of the most meaningful pieces of feedback I've ever received from a bug bounty program. Feels incredibly rewarding when your efforts are truly seen and appreciated ❤️
TechFenix retweeted
Sayaan Alam @ehsayaan:
Recently encountered XSS filters blocking