Freelance security researcher and bug bounty hunter specializing in Android, Web, and API security. Passionate
about open-source, AI, and LLMs. Legally helps companies secure their digital assets through ethical hacking
& responsible disclosure.
Recent Activities
Bug Bounty
Reported critical vulnerabilities in multiple corporate web applications, receiving high severity ratings
and Hall of Fame recognition.
Tool Release
Developed and published multiple original tools focused on Android and web application security testing to
aid the community.
Blog Post
Published detailed write-ups covering topics like Broken Access Control, Injection Vulnerabilities, and
unique Business Logic Flaws.
Security Projects
Bug Bounty Findings
Exploiting Broken Access
Control to Access My College Panel
Critical
A detailed write-up on how I discovered and exploited a vulnerability to access my college's internal
panel without needing any credentials.
Comment Section Takeover via
IDOR on GeeksForGeeks.com
High
A write-up on how a single unauthorized request exploiting Insecure Direct Object Reference (IDOR) allowed
me to take control of the comment section on the GFG platform.
A lightweight tool to extract and display exported components from Android apps, helping identify exposed
activities, services, and receivers for security analysis.
A bypass of the email verification security control was discovered, allowing an attacker to spam a victim by
using case-sensitive variations of their email address.
Improper validation in social media link fields allowed insertion of arbitrary URLs instead of usernames. This
business logic flaw enabled user tracking and privacy violations.
Discovered an IDOR vulnerability in the email update functionality, where changing the user ID in the request
exposed other user's email addresses without proper authorization checks.
