Infosec on Medusa0xf

Infosec on Medusa0xf https://medusa0xf.com/tags/infosec/ Recent content in Infosec on Medusa0xf Hugo -- gohugo.io en © 2026 Medusa0xf Sat, 13 Sep 2025 20:57:35 +0100 How I Found a $3000 IDOR Vulnerability in a Delivery App https://medusa0xf.com/posts/how-i-found-a-3000-idor-vulnerability-in-a-delivery-app/ Sat, 13 Sep 2025 20:57:35 +0100 https://medusa0xf.com/posts/how-i-found-a-3000-idor-vulnerability-in-a-delivery-app/ Recently, I was hunting on a target that I can’t disclose because of its responsible disclosure program, even though it’s public. API Basics: A Hacker's Starter Guide https://medusa0xf.com/posts/api-basics-hsg/ Thu, 21 Mar 2024 21:42:37 +0100 https://medusa0xf.com/posts/api-basics-hsg/ What is an API? How to Discover API Subdomains? | API Hacking | https://medusa0xf.com/posts/api-subdomains/ Tue, 12 Mar 2024 22:05:37 +0100 https://medusa0xf.com/posts/api-subdomains/ How to Discover API Subdomains? Server Side Parameter Pollution in Rest API path parameter https://medusa0xf.com/posts/server-side-parameter-pollution/ Mon, 04 Mar 2024 11:50:00 +0001 https://medusa0xf.com/posts/server-side-parameter-pollution/ What is Server Side Parameter Pollution? How to Perform CSRF Attack in GraphQL https://medusa0xf.com/posts/csrf-in-graphql/ Tue, 16 Jan 2024 22:05:37 +0100 https://medusa0xf.com/posts/csrf-in-graphql/ What is a CSRF Attack? Broken Object Level Authorization Vs. Broken Functionality Level Authorization | API Hacking https://medusa0xf.com/posts/api-broken-auth/ Mon, 13 Jun 2022 20:55:37 +0100 https://medusa0xf.com/posts/api-broken-auth/ In this blog, we will explore two significant security vulnerabilities: Broken Object Level Authorization (BOLA) and Broken Functionality Level Authorization (BFLA) in APIs.