Abdulaziz's Writeups

IDOR in Government Ownership API Exposed Private Business Owner PII via CR Number Enumeration

Severity: HighBounty Awarded: $1,506Program: Private Bug BountyPlatform: Bugbounty.sa Some IDORs are obvious immediately. You change an ID. Someone else’s data appears. Easy. Others look harmless at f

May 21, 20266 min read

Zero-Click Stored XSS in Chat: When “Just Open the Window” Is Enough

Severity: HighBounty Awarded: $394Program: Private Bug BountyPlatform: Bugbounty.sa Most chat XSS bugs are noisy. You send a payload. The victim has to click something. Refresh the page. Open the mes

May 18, 20269 min read

From Username Enumeration to Subscriber PII: Chaining 3 Weak Findings in a Telecom Ecosystem

Severity: MediumBounty Awarded: $560Program: Private Bug Bounty Most hunters have encountered login enumeration and immediately deprioritized it. Different response. Different redirect. Different word

May 15, 20268 min read

Command Palette

Latest articles