
appsecwriteups.com

Learning AppSec Through Android & Web Vulnerability Writeups

  • Home
  • Android
  • Web
  • Desktop
  • Shielded
Top Writeup
Posted in Desktop

Protected: My First Day Pentesting Thick‑Client Apps — Discovered a Critical IDOR in a Desktop Client with a Full Black‑Box Approach

Posted by Jivan Magare, October 8, 2025
This content is password protected. To view it please go to the post page and enter the password.

Posted in Web

How I Found a Critical Privilege Escalation That Let an Unprivileged User Become Admin and Earn $579 USD Bounty

Posted by Jivan Magare, October 7, 2025
Hi everyone — I’m back with a new writeup. I haven’t published for a few…

Posted in Web

CSRF Account Deletion: How I Turned an “Excluded” Bug Into $87 USD Bounty

Posted by Jivan Magare, August 13, 2025
My name is Jivan, and in this case study, I will present a detailed analysis…

Posted in Android, Web

How to Identify and Handle Firebase Security Misconfigurations A Case Study

Posted by Jivan Magare, July 31, 2025
Hello friends, I'm Jivan, and welcome to my latest write-up focused on Firebase misconfiguration from…

Posted in Android

Security Testing via Black-Box Approach: Two Important Android App Issues Discovered Across the Same Company

Posted by Jivan Magare, June 25, 2025
Hello and welcome to AppSecWriteups.com! I’m Jivan Magare, and in today’s post, I’ll walk you…

Posted in Web

How I Crafted a Custom CSRF Exploit to Change User Settings and Got Rewarded $50 USD Bounty

Posted by Jivan Magare, June 2, 2025
Hello guys, I hope you all are doing well. I’m Jivan, and I’m back with…

Posted in Web

How I Discovered a Google Cloud Storage Bucket Misconfiguration on an Adult Site and Earned a $250 Bounty

Posted by Jivan Magare, May 26, 2025
Hello friends, I’m Jivan, and I’m back with another write-up about a Google Cloud Storage…

Posted in Android

How I Discovered a Critical Vulnerability via Hardcoded GCP Credentials in an Android App and Earned $700 Bounty on Cyberbay

Posted by Jivan Magare, May 17, 2025
Hello aspiring bug bounty hunters! I’m Jivan, and I’m back with another security vulnerability that…

Posted in Web

How I Discovered an HTML Injection Vulnerability in the Origin Query Parameter of a Password Reset Email and Earned a $75 Bounty

Posted by Jivan Magare, May 11, 2025
Hello guys, I’m Jivan, and I’m back with a new write-up where I discovered an…

Posted in Web

How I Found a No Rate Limit Vulnerability on a Login Endpoint, Earned a 100€ Bounty, and My Approach to Testing for No Rate Limit Issues

Posted by Jivan Magare, May 10, 2025
Hi friends, I’m Jivan, back with another write-up related to a No Rate Limit vulnerability. In…

💬Contact Us

📩 Have questions, suggestions, or found a security issue? Reach out to us at: contact@appsecwriteups.com

Copyright 2025 — appsecwriteups.com. All rights reserved.