AIwolfie – Medium

AIwolfie

☕ When a REST Route Spills the Beans: Finding an Author-enumeration Bug (CVE-2023–5561)

There are two truths I live by: one, always keep coffee within arm’s reach; two, curiosity + an API = bad decisions that turn into CVEs…

Oct 30

☕ When a REST Route Spills the Beans: Finding an Author-enumeration Bug (CVE-2023–5561)

Oct 30

The day Wayback pointed me to an admin panel — and why scope still wins ☕️

I love quick wins. I love poking at weird URLs. I love coffee. What I don’t love: accidentally wandering into infrastructure that’s…

Oct 24

The day Wayback pointed me to an admin panel — and why scope still wins ☕️

Oct 24

How an OAuth Misconfiguration Led to Account Takeover

☕ The Coffee-Fueled Recon

Sep 10

How an OAuth Misconfiguration Led to Account Takeover

Sep 10

☕ My First Critical Bug: Account Takeover with Just One Tiny Letter

Bug bounty is wild. Sometimes you fuzz for hours and find nothing. Other times, one tiny character can open the door to a Critical Account…

Sep 5

☕ My First Critical Bug: Account Takeover with Just One Tiny Letter

Sep 5

🔐 How I Found Facebook and Google API Keys Hardcoded in an Android App (and Why That’s a Bad Idea)

☕ Reverse engineering APKs is fun… until you stumble upon production secrets sitting in plain sight.

Jul 12

🔐 How I Found Facebook and Google API Keys Hardcoded in an Android App (and Why That’s a Bad Idea)

Jul 12

🔐 I Found a Hardcoded Google API Key in a Popular Food App (and It Was Too Easy 🍟🔑)

☕ “Woke up, scanned an APK, found a secret. Just hacker things.”

Jul 5

🔐 I Found a Hardcoded Google API Key in a Popular Food App (and It Was Too Easy 🍟🔑)

Jul 5

🛰️ So… I Made a Server Call Me Back. Unauthenticated SSRF via XML-RPC

One fine evening, while sipping coffee stronger than my will to live, I accidentally made a server talk to me. Literally.

Jun 30

🛰️ So… I Made a Server Call Me Back. Unauthenticated SSRF via XML-RPC

Jun 30

☕ How I Redirected the Entire Startup to evil.com — With One Header

🧠 Context

Jun 23

☕ How I Redirected the Entire Startup to evil.com — With One Header

Jun 23

🧠 XML-RPC Open, phpinfo() Public — But They Came to Hire from My College 💀

“Main toh sirf recon kar raha tha, lekin server bola… bhaiya sab kuch le jao.” — A bored student who just wanted coffee, not credentials

Jun 15

🧠 XML-RPC Open, phpinfo() Public — But They Came to Hire from My College 💀

Jun 15

How I Hacked an E-Commerce Website & Found XSS

☕ Just Another Day, Just Another XSS

Mar 16

How I Hacked an E-Commerce Website & Found XSS

Mar 16

AIwolfie

AIwolfie

Cybersecurity enthusiast ☕ | Ethical hacker | Bug bounty hunter | Sharing insights on vulnerabilities to help make the web a safer place.

Following

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech