How To Explore and Exploit GraphQL [Indonesia] (Pinned)
Revan A in InfoSec Write-ups
Hello! Since there are few Indonesian-language articles that cover GraphQL, I wrote this one. Hopefully it can serve as a reference for…
Dec 15, 2023

CVE-2023-51356: ARMember <= 4.0.10 — Authenticated Privilege Escalation
Revan A
The backend code of the edit profile feature is vulnerable to a Privilege Escalation attack. An attacker can manipulate the request to get a higher role.
Dec 28, 2023

CVE-2023-47837: ARMember <= 4.0.10 — Bypass Membership Plan
Revan A
The Profile feature is vulnerable to Bypass Membership Plan. An attacker can manipulate the request to get a “Membership Plan” without paying.
Nov 21, 2023

CVE-2023-41954: ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
Revan A in InfoSec Write-ups
Privilege Escalation vulnerability in the ProfilePress plugin. A malicious actor could register an account as Editor, Author, or other existing…
Sep 14, 2023

CVE-2023-39308: User Feedback <= 1.0.7 — Unauthenticated Stored XSS
Revan A in InfoSec Write-ups
The Submit Feedback feature doesn’t filter submitted text, so an attacker can submit a malicious script.
Sep 6, 2023

Bypass SMS Authentication To Account Takeover
Revan A
Hello guys! This article covers an OTP bypass, and personally I think this is a fairly unique case. Before getting into…
May 13, 2023

IDOR on Resend SMS Verification
Revan A
Hello Bug Hunters! How are you? Hope you're all well! This time I want to share about IDOR again, and the other day someone said that the article that…
Apr 14, 2023

Account Takeover via Token Manipulation
Revan A
On this occasion I will discuss Account Takeover through manipulation of the password reset token.
Mar 17, 2023