Revan A in InfoSec Write-ups: How To Explore and Exploit GraphQL [Indonesia]. Hello! Since there are few Indonesian-language articles that discuss GraphQL, I wrote this article.. hopefully it can be a reference for… (5 min read · Dec 15, 2023)
Revan A: CVE-2023-51356: ARMember <= 4.0.10 — Authenticated Privilege Escalation. The backend code of the edit profile feature is vulnerable to a Privilege Escalation attack. An attacker can manipulate the request to get a higher role (3 min read · Dec 28, 2023)
Revan A: CVE-2023-47837: ARMember <= 4.0.10 — Bypass Membership Plan. The Profile feature is vulnerable to Bypass Membership Plan. An attacker can manipulate the request to get a “Membership Plan” without paying (5 min read · Nov 21, 2023)
Revan A in InfoSec Write-ups: CVE-2023-41954: ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation. Privilege Escalation vulnerability on ProfilePress Plugin. Malicious actor could register an account as Editor, Author, or other existing… (5 min read · Sep 14, 2023)
Revan A in InfoSec Write-ups: CVE-2023-39308: User Feedback <= 1.0.7 — Unauthenticated Stored XSS. The Submit Feedback feature doesn’t filter submitted text, so an attacker can submit a malicious script. (4 min read · Sep 6, 2023)
Revan A: Bypass SMS Authentication To Account Takeover. Hello guys! This article discusses OTP bypass.. and in my personal opinion this is a fairly unique case. Before getting into… (3 min read · May 13, 2023)
Revan A: IDOR on Resend SMS Verification. Hello Bug Hunters! How are you? Hope you're all healthy!! This time I want to share about IDOR again.. and recently someone said that the article that… (2 min read · Apr 14, 2023)
Revan A: Account Takeover via Token Manipulation. On this occasion I will discuss Account Takeover through manipulation of the password reset token. (3 min read · Mar 17, 2023)