# Write-Ups

- [API BAC leads to PII Data Disclosure](https://sec88.0x88.online/write-ups/api-bac-leads-to-pii-data-disclosure.md): If you enjoy what I do, please support me  Buy Me Ko-fi! https://ko-fi.com/h0tak88r
- [Misconfigured OAuth leads to Pre-Account Takeover](https://sec88.0x88.online/write-ups/misconfigured-oatuh-leads-to-pre-account-takeover.md)
- [Automating Bug Bounty with GitHub Actions](https://sec88.0x88.online/write-ups/automating-bug-bounty-with-github-actions.md)
- [From Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty Programs](https://sec88.0x88.online/write-ups/from-recon-to-reward-my-bug-bounty-methodology-when-hunting-on-public-bug-bounty-programs.md)
- [Exploring Subdomains: From Enumeration to Takeover Victory](https://sec88.0x88.online/write-ups/exploring-subdomains-from-enumeration-to-takeover-victory.md)
- [0-Click Account Takeover via Insecure Password Reset Feature](https://sec88.0x88.online/write-ups/0-click-account-takeover-via-insecure-password-reset-feature.md)
- [How a Simple Click Can Lead to Account Takeover: An OAuth Insecure Implementation Vulnerability](https://sec88.0x88.online/write-ups/how-a-simple-click-can-lead-to-account-takeover-an-oauth-insecure-implementation-vulnerability.md)
- [The Power Of IDOR even if it is unpredictable IDs](https://sec88.0x88.online/write-ups/finding-high-impact-bugs-in-a-private-bug-bounty-program-our-success-story.md)
- [Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens](https://sec88.0x88.online/write-ups/unlocking-the-weak-spot-exploiting-insecure-password-reset-tokens.md)
- [AI Under Siege: Discovering and Exploiting Vulnerabilities](https://sec88.0x88.online/write-ups/ai-under-siege-discovering-and-exploiting-vulnerabilities.md)
- [Inside the Classroom: How We Hacked Our Way Past Authorization on a Leading EdTech Platform](https://sec88.0x88.online/write-ups/inside-the-classroom-how-we-hacked-our-way-past-authorization-on-a-leading-edtech-platform.md)
- [How We Secured Our Client’s Platform Against Interaction-Free Account Thefts](https://sec88.0x88.online/write-ups/how-we-secured-our-clients-platform-against-interaction-free-account-thefts.md)
- [Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms](https://sec88.0x88.online/write-ups/unchecked-privileges-the-hidden-risk-of-role-escalation-in-collaborative-platforms.md)
- [Decoding Server Behavior: The Key to Mass Account Takeover](https://sec88.0x88.online/write-ups/decoding-server-behavior-the-key-to-mass-account-takeover.md)
- [Exploiting JSON-Based CSRF: The Hidden Threat in Profile Management](https://sec88.0x88.online/write-ups/exploiting-json-based-csrf-the-hidden-threat-in-profile-management.md)
- [How We Turned a Medium XSS into a High Bounty by Bypassing HttpOnly Cookie](https://sec88.0x88.online/write-ups/how-we-turned-a-medium-xss-into-a-high-bounty-by-bypassing-httponly-cookie.md)
- [How Monitoring Target Updates Helped Me Earn Bounties in Bug Bounty](https://sec88.0x88.online/write-ups/how-monitoring-target-updates-helped-me-earn-bounties-in-bug-bounty.md)
- [Semi-Automating My Android Bug Hunting Flow with apkX](https://sec88.0x88.online/write-ups/semi-automating-my-android-bug-hunting-flow-with-apkx.md)
- [Using N8N To Orchestrate Web and Mobile Bug Hunting](https://sec88.0x88.online/write-ups/using-n8n-to-orchestrate-web-and-mobile-bug-hunting.md)
- [Hacking Android Labs](https://sec88.0x88.online/write-ups/hacking-labs.md)
  - [Injured Android](https://sec88.0x88.online/write-ups/hacking-labs/injured-android.md)
  - [Hacking the VulnWebView Lab](https://sec88.0x88.online/write-ups/hacking-labs/hacking-the-vulnwebview-lab.md): Lab Link: https://github.com/t4kemyh4nd/vulnwebview
  - [Hacking InsecureBankv2 App](https://sec88.0x88.online/write-ups/hacking-labs/hacking-insecurebankv2-app.md)

