Today I will share with you the first vulnerability I found on SerpApi, LLC. I found this vulnerability right after I finished my onboarding process at SerpApi, LLC. Table of Contents — The Target. — Weaponizing the vulnerability. — Exploitation. — Impact and severity. — Report timeline. — Ending. The Target SerpApi is a real-time…

Today we will talk about the Naver Images API, it might be one of the best alternatives for Google Images API As we know, the Naver engine handles 74.7% of all web searches in South Korea which might be the same number for Images API in Naver. Naver developers put…

In this article, we will talk about how to reverse engineer Google finance charts to parse them using Ruby on Rails. Introduction ‌ ‌ When you search in Google for something like Bitcoin price or bitcoin vs dollar we will notice a chart and very rich finance data, originally the source of…

Path Traversal: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the webroot folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and…

Automate background checks to the next level. What does a Background check mean? — A background check is a process that a person or company uses to verify that an individual is who they claim to be, and this provides an opportunity to check and confirm the validity of someone’s…

Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line. As in the title, today I’m presenting a new tool, but maybe it’s an idea more than a tool for those who are looking to make…

We’ve been in this pandemic since March and once the pandemic started I was having plenty of free time, And I need to use that time wisely, So I’ve decided to take the OSWE certification and I finished the exam on 8 of August, after that, I took a couple…