Abdulaziz Saad

@b4zb0z

Website

INTJ | Self-made | Web Developer | Rusty Hacker

Jeddah, SAJoined February 2023

About

Nothing here yet.

Available for

Nothing here yet.

Abdulaziz Saad's blogs

Abdulaziz's Writeupsblog.abdulaziz-d.com3 posts

Articles Comments

Recently published

ASAbdulaziz Saadblog.abdulaziz-d.comMay 21 · 6 min read

IDOR in Government Ownership API Exposed Private Business Owner PII via CR Number Enumeration

Severity: HighBounty Awarded: $1,506Program: Private Bug BountyPlatform: Bugbounty.sa Some IDORs are obvious immediately. You change an ID. Someone else’s data appears. Easy. Others look harmless at f

0

ASAbdulaziz Saadblog.abdulaziz-d.comMay 18 · 9 min read

Zero-Click Stored XSS in Chat: When “Just Open the Window” Is Enough

Severity: HighBounty Awarded: $394Program: Private Bug BountyPlatform: Bugbounty.sa Most chat XSS bugs are noisy. You send a payload. The victim has to click something. Refresh the page. Open the mes

0

ASAbdulaziz Saadblog.abdulaziz-d.comMay 15 · 8 min read

From Username Enumeration to Subscriber PII: Chaining 3 Weak Findings in a Telecom Ecosystem

Severity: MediumBounty Awarded: $560Program: Private Bug Bounty Most hunters have encountered login enumeration and immediately deprioritized it. Different response. Different redirect. Different word

0

Abdulaziz Saad

About

Available for

Abdulaziz Saad's blogs

Recently published

IDOR in Government Ownership API Exposed Private Business Owner PII via CR Number Enumeration

Zero-Click Stored XSS in Chat: When “Just Open the Window” Is Enough

From Username Enumeration to Subscriber PII: Chaining 3 Weak Findings in a Telecom Ecosystem

Search Hashnode

Abdulaziz Saad

About

Available for

Abdulaziz Saad's blogs

Recently published

IDOR in Government Ownership API Exposed Private Business Owner PII via CR Number Enumeration

Zero-Click Stored XSS in Chat: When “Just Open the Window” Is Enough

From Username Enumeration to Subscriber PII: Chaining 3 Weak Findings in a Telecom Ecosystem