Rohit kumar – Medium

Rohit kumar

Rohit kumar

·

Jan 28, 2025

Opengrep : A Hype and Marketing Gimmick, let’s rename it to Privategrep.

Recently, OpenGrep made headlines as a new open-source project touted as a “revival” of static application security testing (SAST) tools…

Opengrep : A Hype and Marketing Gimmick, let’s rename it to Privategrep.

Rohit kumar

·

Jun 16, 2023

Detecting, Fixing, and Defending Against XXE Attacks in Python and Java

Introduction:

Detecting, Fixing, and Defending Against XXE Attacks in Python and Java

Rohit kumar

·

Jun 11, 2023

How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide

Introduction:

How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide

Rohit kumar

·

May 20, 2021

CSRF from which we can create a support ticket in Victim’s Account (500$)

Complete Details ===

CSRF from which we can create a support ticket in Victim’s Account (500$)

Rohit kumar

·

May 20, 2021

Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device…

Complete Details === During my investigation, I found that a user’s DTSG token can be exposed to a third-party application because of a…

Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device…

Rohit kumar

·

Aug 31, 2020

Page shops with a hidden Product in “Featured product section” which could be controlled by…

Product Area

Page shops with a hidden Product in “Featured product section” which could be controlled by…

Rohit kumar

·

Jun 5, 2020

[IDOR] Delete saved credit cards from any Business Manager Account.

Business manager is having an option to add and manage credit cards. However, this functionality is limited to authorized “Admins” of that…

[IDOR] Delete saved credit cards from any Business Manager Account.

Rohit kumar

·

May 2, 2020

Private Dashboards were accessible by other Admins in Analytics Dashboard

Private dashboards can be accessed by other Admins, which leads to sensitive data exposure.

Private Dashboards were accessible by other Admins in Analytics Dashboard

Rohit kumar

·

Oct 12, 2019

Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.

Again this will be a copy/paste of my whole report nothing fancy gifs and memes in this report 😐

Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.

Rohit kumar

·

Aug 15, 2019

ByPassing fix of Domain Blocking feature in Business Manager

A few months back I reported this vulnerability Demoted business admin could apply blocklist to all ad accounts and FB rewarded me 500$…

ByPassing fix of Domain Blocking feature in Business Manager

Rohit kumar

Rohit kumar

✌ Hacking & Security, Programming / Technology - Not all superheroes wear capes, some just push code to Github.

Following

Help

Status

About

Careers

Press

Blog

Store

Privacy

Rules

Terms

Text to speech