Security research and vulnerability analysis from HackerOne bug bounty programs. Contains exploitation techniques, proof-of-concept code, and reports for fintech platforms and API gateways. Includes Python/Bash scripts, authentication bypasses, CORS exploits, IDOR vulnerabilities, and API security testing documentation.

Intentionally vulnerable captive portal lab for wireless security training. Demonstrates session hijacking, authentication bypass, and network security vulnerabilities. Docker containerized for safe, isolated learning environments. FOR EDUCATIONAL USE ONLY.

PoC for CVE-2025-5777 – Auth Bypass and RCE in Trend Micro Apex Central

Authentication Bypass PoC for CVE-2025-2825 – Exploiting CrushFTP 10.x

This repository demonstrates a privilege escalation attack targeting Open5GS's WebUI, exploiting unauthenticated database connections and forged session cookies/JWT tokens. The analysis reveals critical vulnerabilities in authentication mechanisms, offering insights for securing 5G network components.

NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js

Authentication Bypass Vulnerability — CVE-2024–4358 — Telerik Report Server 2024

This repository details an IDOR vulnerability in AbsysNet 2.3.1, which allows a remote attacker to brute-force session IDs via the /cgi-bin/ocap/ endpoint. Successful exploitation can compromise active user sessions, exposing authentication tokens in HTML. The attack is limited to active sessions and is terminated if the user logs out.

It is a simple password brute force tool designed for ethical hacking and security testing. Automates the process of selecting passwords for a given user on a website by sending POST requests with different passwords and analyzing the response.

A Python tool for decrypting passwords hashed with the AuthMe SHA256 algorithm. Ideal for penetration testing and security audits on Minecraft servers using the AuthMe authentication plugin.

Apache Superset - Authentication Bypass

A PoC exploit for CVE-2024-27198 - JetBrains TeamCity Authentication Bypass

A PoC exploit for CVE-2023-51467 - Apache OFBiz Authentication Bypass

Hack Karadeniz 2022 CyberCafe sorusu için yazdığım writeup

Automate login attempts with the Login-Breaker-Pro script. Securely test user credentials for your web application or platform.

This repository contains a basic custom lab environment designed to demonstrate and explore SQL injection vulnerabilities. The lab provides a hands-on learning experience to understand the risks associated with insecure coding practices and the impact of SQL injection attacks on web applications.

Perfom With Massive Authentication Bypass In PaperCut MF/NG

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

foundryvtt admin authentication bypass POC exploit

The Vulnerability of GoAhead Service on VStarcam C34S-X4 that allows you to download system.ini configuration file and get login and password.