Fahad Almulhim (0xHunter)

93 Followers

5 days ago

An IDOR lead to viewing other user’s files CVE-2023-42334.

Good day everyone! I hope all of you are doing well. During one of the penetration testing assessments, we encountered an iOS app that included both fl3xx Crew and fl3xx Dispatch. We identified a parameter that could potentially allow users to view files that they don’t have authorized on them…

3 min read

6 days ago

Unrestricted file upload lead to upload malicious files in IOS App (CVE-2023-42335)

Good day everyone! I hope all of you are doing well. During one of the penetration testing assessments, we encountered an iOS app that included both fl3xx Crew and fl3xx Dispatch. We identified multiple file upload functionalities that could potentially allow users to transfer files from their computers to the…

4 min read

Jan 20

How I Found My FIRST SQL Injection CVE-2023-23331

Good day everyone! I hope all of you are doing well. SQL Injection is one of the most critical vulnerabilities that can be found in web applications. The steps below will show you how a SQL Injection vulnerability can be found by an authenticated user, which leads to compromising the back-end database…

2 min read

Penetration Testing
