Skip to content

Bergee's Stories on Bug Hunting

hacking, cyber security and programming

Menu
  • Blog
  • About Me
  • Resources
  • Side projects
Menu

Side projects

Dad Jokes – mobile app for Android

https://play.google.com/store/apps/details?id=com.bergeedev.dadjokes

I created a small dad jokes serving app, written in pure Kotlin. Just press the button and read the dad joke. That’s all. All jokes can be read offline.

 

🖥 Get Hostinger VPS at a discount. I use it myself and highly recommend it.

  • Two crits, one zip
  • Why do you need the VPS for bug bounty
  • WAF bypass and credential theft with XSS and Google Analytics
  • How two dollars and one zip file let me read the server files
  • Subdomain takeover – easy $150 for five minutes of work
  • How I hacked XXXX for fun and !profit
  • Accessing admin panel with fuzzing, digging and guessing
  • From AngularJS CSTI to credentials theft
  • The story of exposed service, SSRF, CSP bypass and credentials stealing via XSS
  • “Hacking” the hotel room TV
  • Broken links hijacking and CDN takeover
  • How I found multiple critical bugs in Red Bull
  • Chaining multiple vulnerabilities for credential stealing
  • Blind account takeover
  • Turning cookie based XSS into account takeover
  • Blind os command injection
  • Five-minute hunting for hidden XSS
  • URL filter bypass, RFI and XSS
  • The forgotten API and XSS filter bypass
  • XSS via Angular Template Injection
  • Breaking things legally for fun and profit

Hackers' playground


https://www.tryhackme.com
https://www.pentesterlab.com
https://www.hackthebox.com
https://portswigger.net/web-security/all-labs
© 2026 Bergee's Stories on Bug Hunting | Powered by Minimalist Blog WordPress Theme