Security
Writeups

In-depth technical writeups on real vulnerabilities I've discovered — covering IDOR, broken auth, logic flaws, and more across government, enterprise, and space agency targets.

Writeups

300+

Vulns Found

Continents

writeups@ashutosh:~

❯ cat latest.txt → Critical Admin Access · NASA Full site takeover via admin panel ❯ grep -i severity * P1 CRITICAL · NASA · nasa.gov ❯ wc -l writeups/ 2 published · more soon ❯

2 writeups found

More writeups being drafted — SSRF, auth bypass, and subdomain takeover findings coming soon.

Latest NASA · nasa.gov P1 · Critical LOR Awarded Featured

P1 Critical · NASA · 2025

Full Admin Takeover on

NASA's nasa.gov

Directory listing exposed admin usernames on a live NASA subdomain. A simple credential guess unlocked full CMS access — enabling content creation, deletion, file upload, and potential site defacement. Initially dismissed as Informational, resubmitted with PoC and accepted as P1 Critical. NASA issued a Letter of Appreciation.

IDOR at USA State Court System

An unprotected ColdFusion endpoint exposed ~200,000 records — court personnel emails and accused individuals' data — to anyone with the URL. Found in under 5 minutes via Wayback Machine recon.