https://medusa0xf.com/tags/http/ Recent content in HTTP on Medusa0xf Hugo -- gohugo.io en © 2026 Medusa0xf Tue, 17 Mar 2026 21:53:25 +0100 https://medusa0xf.com/posts/mcp-servers-explained/ Tue, 17 Mar 2026 21:53:25 +0100 https://medusa0xf.com/posts/mcp-servers-explained/ MCP Servers Explained: The New AI Attack Surface # What is MCP? https://medusa0xf.com/posts/idor-leads-to-unauthorized-deletion-how-i-earned-500-in-bug-bounty/ Sat, 08 Nov 2025 11:55:35 +0100 https://medusa0xf.com/posts/idor-leads-to-unauthorized-deletion-how-i-earned-500-in-bug-bounty/ During bug hunting, I discovered an IDOR vulnerability that allowed unauthorized deletion of resources across accounts within the same tenant. https://medusa0xf.com/posts/how-i-found-an-account-takeover-bug-in-the-forgot-password-flow/ Tue, 23 Sep 2025 21:55:35 +0100 https://medusa0xf.com/posts/how-i-found-an-account-takeover-bug-in-the-forgot-password-flow/ While I was hunting on a target, I came across an acquisition related to it, so I decided to look around the new domain. https://medusa0xf.com/posts/bypassing-rate-limit-in-graphql/ Thu, 05 Dec 2024 19:43:35 +0100 https://medusa0xf.com/posts/bypassing-rate-limit-in-graphql/ What is GraphQL? https://medusa0xf.com/posts/exploiting-dom-for-open-redirect-attacks/ Fri, 22 Nov 2024 22:30:35 +0100 https://medusa0xf.com/posts/exploiting-dom-for-open-redirect-attacks/ What is Open Redirect Vulnerability? https://medusa0xf.com/posts/http-parameter-pollution-vs-mass-assignment/ Tue, 04 Jun 2024 22:20:35 +0100 https://medusa0xf.com/posts/http-parameter-pollution-vs-mass-assignment/ In this blog, we are going to see the difference between HTTP parameter pollution and mass assignment.