appsecwriteups.com

Learning AppSec Through Android & Web Vulnerability Writeups

  • Home
  • Android
  • Web
  • Desktop
  • Shielded
Top Writeup
How I Discovered a High-Severity IDOR Vulnerability in an Android Hotel Booking App and Earned a $80 Bounty
Posted in Android
Posted by Jivan Magare, May 9, 2025
Hi everyone, Jivan here! I'm back with another Android vulnerability report. In this write-up, I’ll walk…

How I Found an OTP Bypass Vulnerability in an Android App and Was Rewarded 150€ Euros as a Bounty
Posted in Android
Posted by Jivan Magare, May 9, 2025
Welcome to my very first bug bounty write-up! Hi, I'm Jivan — a passionate self-taught…

Recent Posts

  • Protected: My First Day Pentesting Thick‑Client Apps — Discovered a Critical IDOR in a Desktop Client with a Full Black‑Box Approach
  • How I Found a Critical Privilege Escalation That Let an Unprivileged User Become Admin and Earn $579 USD Bounty
  • CSRF Account Deletion: How I Turned an “Excluded” Bug Into $87 USD Bounty
  • How to Identify and Handle Firebase Security Misconfigurations A Case Study
  • Security Testing via Black-Box Approach: Two Important Android App Issues Discovered Across the Same Company

Posts You Might Like

Posted in Desktop
Protected: My First Day Pentesting Thick‑Client Apps — Discovered a Critical IDOR in a Desktop Client with a Full Black‑Box Approach
Posted by Jivan Magare, October 8, 2025

Posted in Web
How I Found a Critical Privilege Escalation That Let an Unprivileged User Become Admin and Earn $579 USD Bounty
Posted by Jivan Magare, October 7, 2025

Posted in Web
CSRF Account Deletion: How I Turned an “Excluded” Bug Into $87 USD Bounty
Posted by Jivan Magare, August 13, 2025

Posted in Android, Web
How to Identify and Handle Firebase Security Misconfigurations A Case Study
Posted by Jivan Magare, July 31, 2025
