Adding a large number of wallet addresses to a whitelist in Aptos can be costly, both in terms of time and gas fees. Using a bucket table and table in Aptos, it can cost around 0.9 APT to add 1,500 addresses to a whitelist. However, this cost increases significantly if…

This write-up is about how I was able to find page/personal account disclosure on Instagram. In my previous blog, I had written about Page admin disclosure and I had got much positive feedback on that blog. …

This article is about a vulnerability I was able to find in the BugCrowd private program. At around midnight I got an alert message that said that I had been invited to pentest a new private program. Taking in regard the scope and reward range of the web application, I…

In this week’s blog, I am writing about how I was able to bypass the eligibility criteria for the Brand Collabs Manager and register my page without meeting the criteria and policy. I wasn’t awarded any bounty for this as Facebook’s production team deemed it unqualified for monetary reward. If…

This article is based on a new finding which I was able to discover while doing pentest for a private company. Since I am not allowed to disclose information about the company, let’s assume it as redacted.com. …

Hello everybody, Welcome back to my medium after many days. Sorry for not publishing anything for a long time, these days I was busy with some personal work. …

Hello everyone, I have not written a blog for a long time, so I thought of writing it in. Today, I am going to share one of my Facebook valid issue that I discovered in 2019. Vulnerability Type: Privacy / Authorization Product Area: Events Title: Facebook Page admin Disclosure Vulnerability…

Hey, thanks for coming again here 😃. If you have not read my previous facebook bug write up then go here, its really awesome. Today i am going to share one of my cool finding at antihack.me . What is Blind XSS? It is a type of stored XSS where…

Hi It’s me Ajay Gautam, Security Researcher at Nass and currently studying BIT (Hons) Computing. Today, I am going to share one of mine Facebook valid issue that I discovered in 2018. I was able to see the workplace owner name via their logo ID, if the ID of the…