How I took control of your Twitter account (tweeting, viewing/deleting photos and other media)

Summary: This blog post is about an Insecure direct object reference vulnerability on Twitter which could have been used by attackers to tweet from other accounts, upload videos on behalf of user, delete pics/videos from victim's tweets, view private media uploaded by other twitter accounts etc...

How anyone could have used Uber to ride for free!

Note: This is being published with the permission of Uber under the responsible disclosure policy. The vulnerability was fixed in August 2016. Summary: This post is about an interesting bug on Uber which could have been used to ride for free anywhere in the world. Attackers could have misused thi...

[Responsible disclosure] How I could have hacked all Facebook accounts

Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Summary: This post is about a simple vulnerability found on Facebook which could have been used to hack into other user's Facebook account easily without any user...

[Responsible disclosure] How I could have removed all your Facebook notes

Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Summary: This blog post is about an Insecure direct object reference vulnerability in Facebook Notes using which attacker could have removed all your notes just b...

[Responsible disclosure] How I could have hacked 62.5 million Zomato Users

Note: This is being published with the permission of Zomato Team. The vulnerability is now fixed. Zomato is an online restaurant search and discovery service providing information on home delivery, dining-out, cafés and nightlife for various cities of India and 21 other countries. It has 62.5...

[Responsible disclosure] Hacking Facebook.com/thanks Posting on behalf of your friends!

Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Facebook recently introduced "Say Thanks", an experience that lets Facebook user to create personalized video cards for their facebook friends. To create a Thanks...