I had the awesome opportunity to dive into a client’s domain and hunt for security vulnerabilities. It was an exciting and educational journey that really leveled up my skills.

Here’s the scoop on what I found:

• Cross-Site Scripting (XSS): I uncovered both reflected and stored XSS vulnerabilities. These could let sneaky attackers inject malicious scripts, potentially messing with user data and the app’s overall security.
• SQL Injection (SQLi): I spotted several SQL injection points. These vulnerabilities could allow attackers to tamper with the database, leading to unauthorized data access and potential breaches.
• CORS Misconfigurations: I found some issues with Cross-Origin Resource Sharing (CORS). These misconfigurations could let unauthorized domains access the app, posing a serious security risk.
• Information Disclosure: I stumbled upon files that leaked sensitive data. This exposed info could be used by attackers to get insights into the app’s structure and user data.