Fahad Almulhim (0xHunter)

Sep 19

An IDOR lead to viewing other user’s files CVE-2023–42334.

Good day everyone! I hope all of you are doing well. During one of the penetration testing assessments, we encountered an iOS app that included both fl3xx Crew and fl3xx Dispatch. We identified a parameter that could potentially allow users to view files that they don’t have authorized on them…

3 min read

An IDOR lead to viewing other user’s files CVE-2023–42334.

3 min read

Sep 19

Unrestricted file upload lead to upload malicious files in IOS App (CVE-2023–42335)

Good day everyone! I hope all of you are doing well. During one of the penetration testing assessments, we encountered an iOS app that included both fl3xx Crew and fl3xx Dispatch. We identified multiple file upload functionalities that could potentially allow users to transfer files from their computers to the…

4 min read

Unrestricted file upload lead to upload malicious files in IOS App (CVE-2023–42335)

4 min read

Jan 20

How I Found My FIRST SQL Injection CVE-2023–23331

Good day everyone! I hope all of you are doing well. SQL Injection is one of the most critical vulnerabilities that can be found in web applications, Steps below will show you how SQL Injection vulnerability can be found by an Authenticated user, which leads to compromising the back-end database…

2 min read

How I Found My FIRST SQL Injection CVE-2023–23331

2 min read