# Write-Ups

- [Discord OAuth Misconfig → ATO, Pre-ATO & 2FA Bypass](https://sallam.gitbook.io/sec-88/write-ups/discord-oauth-misconfig-ato-pre-ato-and-2fa-bypass.md): Collaboration with Amr A'laa https://www.linkedin.com/in/amr-alaa-a14b65216/
- [How to Use Claude Code for Bug Hunting — For Free (A Beginner's Guide)](https://sallam.gitbook.io/sec-88/write-ups/how-to-use-claude-code-for-bug-hunting-for-free-a-beginners-guide.md)
- [API BAC leads to PII Data Disclosure](https://sallam.gitbook.io/sec-88/write-ups/api-bac-leads-to-pii-data-disclosure.md): If you enjoy what I do, please support me: Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [Misconfigured OAuth leads to Pre-Account Takeover](https://sallam.gitbook.io/sec-88/write-ups/misconfigured-oatuh-leads-to-pre-account-takeover.md): If you enjoy what I do, please support me: Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [Automating Bug Bounty with GitHub Actions](https://sallam.gitbook.io/sec-88/write-ups/automating-bug-bounty-with-github-actions.md)
- [From Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty Programs](https://sallam.gitbook.io/sec-88/write-ups/from-recon-to-reward-my-bug-bounty-methodology-when-hunting-on-public-bug-bounty-programs.md): If you enjoy what I do, please support me: Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [Exploring Subdomains: From Enumeration to Takeover Victory](https://sallam.gitbook.io/sec-88/write-ups/exploring-subdomains-from-enumeration-to-takeover-victory.md): If you enjoy what I do, please support me: Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [0-Click Account Takeover via Insecure Password Reset Feature](https://sallam.gitbook.io/sec-88/write-ups/0-click-account-takeover-via-insecure-password-reset-feature.md): If you enjoy what I do, please support me: Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [How a Simple Click Can Lead to Account Takeover: An OAuth Insecure Implementation Vulnerability](https://sallam.gitbook.io/sec-88/write-ups/how-a-simple-click-can-lead-to-account-takeover-an-oauth-insecure-implementation-vulnerability.md): If you enjoy what I do, please support me: Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [The Power Of IDOR even if it is unpredictable IDs](https://sallam.gitbook.io/sec-88/write-ups/finding-high-impact-bugs-in-a-private-bug-bounty-program-our-success-story.md)
- [Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens](https://sallam.gitbook.io/sec-88/write-ups/unlocking-the-weak-spot-exploiting-insecure-password-reset-tokens.md): Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [AI Under Siege: Discovering and Exploiting Vulnerabilities](https://sallam.gitbook.io/sec-88/write-ups/ai-under-siege-discovering-and-exploiting-vulnerabilities.md)
- [Inside the Classroom: How We Hacked Our Way Past Authorization on a Leading EdTech Platform](https://sallam.gitbook.io/sec-88/write-ups/inside-the-classroom-how-we-hacked-our-way-past-authorization-on-a-leading-edtech-platform.md)
- [How We Secured Our Client’s Platform Against Interaction-Free Account Thefts](https://sallam.gitbook.io/sec-88/write-ups/how-we-secured-our-clients-platform-against-interaction-free-account-thefts.md)
- [Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms](https://sallam.gitbook.io/sec-88/write-ups/unchecked-privileges-the-hidden-risk-of-role-escalation-in-collaborative-platforms.md)
- [Decoding Server Behavior: The Key to Mass Account Takeover](https://sallam.gitbook.io/sec-88/write-ups/decoding-server-behavior-the-key-to-mass-account-takeover.md)
- [Exploiting JSON-Based CSRF: The Hidden Threat in Profile Management](https://sallam.gitbook.io/sec-88/write-ups/exploiting-json-based-csrf-the-hidden-threat-in-profile-management.md)
- [How We Turned a Medium XSS into a High Bounty by Bypassing HttpOnly Cookie](https://sallam.gitbook.io/sec-88/write-ups/how-we-turned-a-medium-xss-into-a-high-bounty-by-bypassing-httponly-cookie.md)
- [How Monitoring Target Updates Helped Me Earn Bounties in Bug Bounty](https://sallam.gitbook.io/sec-88/write-ups/how-monitoring-target-updates-helped-me-earn-bounties-in-bug-bounty.md)
- [Semi-Automating My Android Bug Hunting Flow with apkX](https://sallam.gitbook.io/sec-88/write-ups/semi-automating-my-android-bug-hunting-flow-with-apkx.md)
- [Using N8N To Orchestrate Web and Mobile Bug Hunting](https://sallam.gitbook.io/sec-88/write-ups/using-n8n-to-orchestrate-web-and-mobile-bug-hunting.md)
- [Hacking Android Labs](https://sallam.gitbook.io/sec-88/write-ups/hacking-labs.md)
  - [Injured Android](https://sallam.gitbook.io/sec-88/write-ups/hacking-labs/injured-android.md)
  - [Hacking the VulnWebView Lab](https://sallam.gitbook.io/sec-88/write-ups/hacking-labs/hacking-the-vulnwebview-lab.md): Lab Link: https://github.com/t4kemyh4nd/vulnwebview
  - [Hacking InsecureBankv2 App](https://sallam.gitbook.io/sec-88/write-ups/hacking-labs/hacking-insecurebankv2-app.md)
