Hello Friends,My name is Ranjeet Singh and today I am going to explain what is host header injection, how you can find it and how I have find host header injection and able to takeover any account and earned $$$$

What Is Host Header Injection :

HTTP Host header attacks occurs when websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. …

Hello Security Researchers, My name is Ranjeet Singh and today I am going to explain what is OAuth, how you can find misconfiguration in it & how you can takeover account and can earn $$$$.Also I am going to share my methodology & some tips / tricks.


It is an authorization framework.

It enables a third party application to obtain limited access to a service.

Example , We have “Login with facebook” buttons on various websites which gets an ‘access token’ of the user from Facebook and uses this limited information form Facebook to create account.

How OAuth works :

1.Authorization Code (Later…

Hello Friends, My name is Ranjeet Singh and currently I am pursuing B-Tech from LPU and a part time bug hunter. I am doing bug hunting from past 3 years & I am still noob so if I will do some mistake then please notify me so I can correct it. So without wasting time lets get into the point.


One of my friend has given this private site so lets call that domain as :<redacted>.com

So the target has vast scope i.e *.redacted.com . So I started recon. because without recon we don’t get to know how things are…

Ranjeet Kumar Singh

N00b trying to learn by making and breaking stuff !!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store