When you open the web page you will see a normal company website, but let’s try to log in.

Go to http://3.126.138.80/catch/login.php

Looking at the source code, I found a credential which might allow me to log in, but it is not working.

It gives me an error message ‘User…


Hello everyone, today’s story is about a bug I found on a public disclosure program which allows me to take over any user’s account. It was a P4 issue, but I didn’t report it and chained it to P1. Without further ado, let’s start.

I don’t have permission to disclose…

Muhammad Aldiansyah

Penetration Tester
