Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

By exploiting a simple IDOR (indirect object reference) it was trivial to create a post within a different group. However, the current users group id had to be used with a victim post? I thought this was really odd.

To me, the weirdest part was that a similar bug was found on Facebook and fixed! However, it was on a different part of the site...