https://blog.medusa0xf.com/topics/web/ Recent content in Web on Medusa0xf Hugo -- gohugo.io en © 2026 Medusa0xf Tue, 17 Mar 2026 21:53:25 +0100 https://blog.medusa0xf.com/posts/mcp-servers-explained/ Tue, 17 Mar 2026 21:53:25 +0100 https://blog.medusa0xf.com/posts/mcp-servers-explained/ MCP Servers Explained: The New AI Attack Surface # What is MCP? https://blog.medusa0xf.com/posts/idor-leads-to-unauthorized-deletion-how-i-earned-500-in-bug-bounty/ Sat, 08 Nov 2025 11:55:35 +0100 https://blog.medusa0xf.com/posts/idor-leads-to-unauthorized-deletion-how-i-earned-500-in-bug-bounty/ During bug hunting, I discovered an IDOR vulnerability that allowed unauthorized deletion of resources across accounts within the same tenant. https://blog.medusa0xf.com/posts/how-i-found-an-account-takeover-bug-in-the-forgot-password-flow/ Tue, 23 Sep 2025 21:55:35 +0100 https://blog.medusa0xf.com/posts/how-i-found-an-account-takeover-bug-in-the-forgot-password-flow/ While I was hunting on a target, I came across an acquisition related to it, so I decided to look around the new domain. https://blog.medusa0xf.com/posts/how-i-found-a-3000-idor-vulnerability-in-a-delivery-app/ Sat, 13 Sep 2025 20:57:35 +0100 https://blog.medusa0xf.com/posts/how-i-found-a-3000-idor-vulnerability-in-a-delivery-app/ Recently, I was hunting on a target that I can’t disclose because of its responsible disclosure program, even though it’s public. https://blog.medusa0xf.com/posts/exploiting-dom-for-open-redirect-attacks/ Fri, 22 Nov 2024 22:30:35 +0100 https://blog.medusa0xf.com/posts/exploiting-dom-for-open-redirect-attacks/ What is Open Redirect Vulnerability? https://blog.medusa0xf.com/posts/http-parameter-pollution-vs-mass-assignment/ Tue, 04 Jun 2024 22:20:35 +0100 https://blog.medusa0xf.com/posts/http-parameter-pollution-vs-mass-assignment/ In this blog, we are going to see the difference between HTTP parameter pollution and mass assignment.