marcelo321.github.io/index.xml at master · marcelo321/marcelo321.github.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>zonduu</title>


    <link>https://zonduu.me/</link>
    <description>Recent content on zonduu</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Mon, 22 Sep 2025 00:00:00 +0000</lastBuildDate>

	<atom:link href="https://zonduu.me/index.xml" rel="self" type="application/rss+xml" />


    <item>
      <title>No rate‑limit on OTP verification leads to 10k bounty</title>
      <link>https://zonduu.me/posts/mass-acc-takeover/</link>
      <pubDate>Mon, 22 Sep 2025 00:00:00 +0000</pubDate>

      <guid>https://zonduu.me/posts/mass-acc-takeover/</guid>
      <description>


          How I found and exploited a missing rate limit on an OTP verification endpoint that allowed mass account takeover by brute forcing one-time codes.


        </description>
    </item>

    <item>
      <title>IDOR in Session cookie leading to Mass Account Takeover</title>
      <link>https://zonduu.me/posts/idor-session-cookie/</link>
      <pubDate>Fri, 01 May 2020 00:00:00 +0000</pubDate>

      <guid>https://zonduu.me/posts/idor-session-cookie/</guid>
      <description>


          How I found an IDOR in a session cookie that allowed mass account takeover.


        </description>
    </item>

    <item>
      <title>SSRF to fetch AWS credentials with full access to multiple services</title>
      <link>https://zonduu.me/posts/critical-ssrf/</link>
      <pubDate>Fri, 01 May 2020 00:00:00 +0000</pubDate>

      <guid>https://zonduu.me/posts/critical-ssrf/</guid>
      <description>


          How I found an SSRF to fetch AWS credentials with full access to multiple services.


        </description>
    </item>

    <item>
      <title>Bug Bounty Beginner’s Guide</title>
      <link>https://zonduu.me/posts/news-guide/</link>
      <pubDate>Wed, 15 Jan 2020 00:00:00 +0000</pubDate>

      <guid>https://zonduu.me/posts/news-guide/</guid>
      <description>


          My personal journey into bug bounty hunting and tips for beginners.


        </description>
    </item>

    <item>
      <title>Finding and exploiting HTTP Request Smuggling</title>
      <link>https://zonduu.me/posts/http-smug/</link>
      <pubDate>Wed, 01 Jan 2020 00:00:00 +0000</pubDate>

      <guid>https://zonduu.me/posts/http-smug/</guid>
      <description>


          How to find HTTP Request Smuggling in the wild


        </description>
    </item>

  </channel>
</rss>