appsecwriteups.com

Learning AppSec Through Android & Web Vulnerability Writeups

  • Home
  • Android
  • Web
  • Desktop
  • Shielded
Posted in Web

Protected: Why a Critical-Looking Vulnerability Was Downgraded: Exposed SSH Credentials Explained

Posted by Jivan Magare, January 15, 2026
This content is password protected. To view it please go to the post page and enter the password.
Posted in Web

How I Found a Critical Privilege Escalation That Let an Unprivileged User Become Admin and Earn $579 USD Bounty

Posted by Jivan Magare, October 7, 2025
Hi everyone — I’m back with a new writeup. I haven’t published for a few…
Posted in Web

CSRF Account Deletion: How I Turned an “Excluded” Bug Into $87 USD Bounty

Posted by Jivan Magare, August 13, 2025
My name is Jivan, and in this case study, I will present a detailed analysis…
Posted in Android, Web

How to Identify and Handle Firebase Security Misconfigurations A Case Study

Posted by Jivan Magare, July 31, 2025
Hello friends, I'm Jivan, and welcome to my latest write-up focused on Firebase misconfiguration from…
Posted in Web

How I Crafted a Custom CSRF Exploit to Change User Settings and Got Rewarded $50 USD Bounty

Posted by Jivan Magare, June 2, 2025
Hello guys, I hope you all are doing well. I’m Jivan, and I’m back with…
Posted in Web

How I Discovered a Google Cloud Storage Bucket Misconfiguration on an Adult Site and Earned a $250 Bounty

Posted by Jivan Magare, May 26, 2025
Hello friends, I’m Jivan, and I’m back with another write-up about a Google Cloud Storage…
Posted in Web

How I Discovered an HTML Injection Vulnerability in the Origin Query Parameter of a Password Reset Email and Earned a $75 Bounty

Posted by Jivan Magare, May 11, 2025
Hello guys, I’m Jivan, and I’m back with a new write-up where I discovered an…
Posted in Web

How I Found a No Rate Limit Vulnerability on a Login Endpoint, Earned a 100€ Bounty, and My Approach to Testing for No Rate Limit Issues

Posted by Jivan Magare, May 10, 2025
Hi friends, I’m Jivan, back with another write-up related to a No Rate Limit vulnerability. In…
Copyright 2026 — appsecwriteups.com. All rights reserved.