Shawar Khan
40 followers
Ethical Hacker

Getting PHP Code Execution and leverage access to panels, databases, server
Greetings everyone, this is Shawar Khan and it's been a while since my last write-up and I wasn't able to do some write-ups due to some reasons so today I decided to do a write-up on one of my recent discoveries and my approach using which I was able to get read...

Getting read access on Edmodo Production Server by exploiting SSRF
Hey Mates! This is Mustafa Khan. Two weeks back I was planning to hunt some bounty sites to get some $$ but had some private programs and most of them seem to be secured and most of the researchers hunted it before me so had zero luck. 😞 Since I was disapp...

Remote Code Execution - From Recon to Root!
Greetings everyone! This is Shawar Khan and today I'm going to share one of my recent findings. I'll show you how proper recon can lead to code execution. Recon and information gathering is an important part of penetration testing as knowing your target giv...

Exploiting multiple Self XSSes via OAuth misconfiguration
Greetings everyone, this is Shawar Khan and today I am going to share one of my recent findings. Most of you have already heard about XSS attacks, basically it's an attack where an attacker is able to execute JavaScript commands on a specific web applicati...

Gathering employees information by capturing GUIDs
Hi everyone, this is Shawar Khan and today I am going to share one of my recent discoveries in a famous tech giant. I will keep the company name private as they are not allowing any kind of disclosure related to their company so I will use REDACTED.com instea...

How I was able to get employee information by using the GUID
Hi everyone, this is Shawar Khan and today I am going to share one of my recent discoveries in a famous tech giant. I will keep the company name private as they are not allowing any kind of disclosure related to their company so I will use REDACTED.com instea...

Sarahah XSS Exploitation Tool - Compromising Sarahah Users.
Disclaimer: This tool is built to demonstrate XSS vulnerability in Sarahah's web application that was pre-identified. I'm not responsible for any damage done using this tool as it's only built for educational purposes. Hello everyone, this is Shawar Khan an...

Pawning the Web - Disclosing top 6 findings
Hello everyone, this is Shawar Khan and today I am going to disclose some of my top 6 findings that I guess were interesting and useful. I am going to disclose these so the viewers can apply the similar methodology and techniques used in the tests. Firstly,...

Pwning the Web - Disclosure of top 6 findings
Hello everyone, this is Shawar Khan and today I am going to disclose some of my top 6 findings that I guess were interesting and useful. I am going to disclose these so the viewers can apply the similar methodology and techniques used in the tests. Firstly,...