Shashank's Security Blog
Finding security bugs for food.
Need my service?
Tuesday 3 November 2020
From a 500 error to Django admin takeover
This bug is about a private target I was hunting. I passed all the subdomains to FFUF , a great tool written in GoLang to brute force direct...
Tuesday 18 August 2020
Escalating a GitHub leak to takeover entire organization
I was hunting on a private program. One of the common things I do is look for leaked credentials on Github. I give special attention to dele...
Tuesday 21 July 2020
Subdomain Takeover using readthedocs
Hello World! Not a fancy blog post, but I just discovered that subdomain takeover is possible for "readthedocs." What is a su...
Saturday 18 May 2019
Finding leaks in Travis logs- an automated approach
First of all, I would like to give credits to original researchers who highlighted this issue into the public. The original blog post can ...
Wednesday 13 March 2019
Taking Over Publicly Editable Github Wiki in Masses
Let's get familiar with a few things first! What is Github? GitHub is a web-based hosting service for version control using Git. Git...
View web version