appsecwriteups.com

Learning AppSec Through Android & Web Vulnerability Writeups

Posted in Desktop

Protected: My First Day Pentesting Thick‑Client Apps — Discovered a Critical IDOR in a Desktop Client with a Full Black‑Box Approach

Posted by Jivan Magare, October 8, 2025
This content is password protected. To view it please go to the post page and enter the password.

Copyright 2025 — appsecwriteups.com. All rights reserved. appsecwriteups.com