Fahad Almulhim (0xHunter)

101 Followers

Sep 19

An IDOR lead to viewing other user’s files CVE-2023-42334.

Good day everyone! I hope all of you are doing well. During one of the penetration testing assessments, we encountered an iOS app that included both fl3xx Crew and fl3xx Dispatch. We identified a parameter that could potentially allow users to view files that they are not authorized to view…

3 min read

Sep 19

Unrestricted file upload lead to upload malicious files in iOS App (CVE-2023-42335)

Good day everyone! I hope all of you are doing well. During one of the penetration testing assessments, we encountered an iOS app that included both fl3xx Crew and fl3xx Dispatch. We identified multiple file upload functionalities that could potentially allow users to transfer files from their computers to the…

4 min read

Jan 20

How I Found My FIRST SQL Injection CVE-2023-23331

Good day everyone! I hope all of you are doing well. SQL Injection is one of the most critical vulnerabilities that can be found in web applications. The steps below will show you how a SQL Injection vulnerability can be found by an authenticated user, which leads to compromising the back-end database…

2 min read

Penetration Testing
