Muhammad Aldiansyah

May 18

Automation Testing tools yang wajib untuk di coba

halo, apa kabar? Saat ini mau menginfokan mengenai automation testing tools. Apa sih yang dimaksud automated testing? Automated testing bergantung pada pra-scripted tes yang berjalan secara otomatis, fungsinya untuk membandingkan hasil yang diharapkan dengan hasil yang sebenarnya. Sehingga dapat mengetahui apakah aplikasi atau web berjalan sesuai dengan apa yang diharapkan…

4 min read

Automation Testing tools yang wajib untuk di coba

Dec 10, 2021

Retrieving AWS metadata and use it for RCE

Escalating SSRF to RCE Retrieving AWS metadata and use it for RCE When researching a web application, I stumbled upon an endpoint which allowed me to perform SSRF. I’ll use the endpoint http://example.com/fetch?url=[path] as example. Performing curl http://example.com/fetch?url=http://169.254.169.254/latest/meta-data/ results in listing the directory contents of the Amazon metadata service. $ curl http://example.com/fetch?url=http://169.254.169.254/latest/meta-data/ami-id …

3 min read

Sep 27, 2021

CyberTalents — CatchMomen(Web Security) Writeup

When you open the web page you will see a normal company website but let’s try to login go to http://3.126.138.80/catch/login.php let’s looking at the source code I found a credential which maybe will allow me to login but it is not working. it gives me an error message ‘User…

2 min read

CyberTalents — CatchMomen(Web Security) Writeup

Apr 28, 2021

Full Account Takeover worth $1000 Think Out of the box

hello everyone , Today’s story is about a bug I found on public disclosure program which allows me to take over any user’s account. It was a P4 issue but I didn’t report and chain it to P1. Without further ado let’s start . I don’t have permission to disclosure…

4 min read

Full Account Takeover worth $1000 Think Out of the box