Santosh Kumar Sha (@killmongar1996)
1.8K Followers

Mar 21

How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will describe how I was able to find multiple SSRFs with AWS metadata access on an Essilor International company system and get access to their production server. I am now offering 1:1 sessions to…

Penetration Testing

4 min read


Published in InfoSec Write-ups · Aug 28, 2022

Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator

Hi everyone, my name is Santosh Kumar Sha. I’m a Security Researcher/Ethical Hacker from India (Assam). In this article, I will describe how I found out-of-band Remote Code Execution (RCE) on De Nederlandsche Bank N.V. with Burp Suite Collaborator. I am now offering 1:1 sessions to share my knowledge and expertise: topmate.io/santosh_kumar_sha SPECIAL Note: …

Hacking

4 min read


Aug 28, 2022

How I found reflected XSS on IDFC Bank with burp-suite Intruder

Hi everyone, my name is Santosh Kumar Sha. I’m a Security Researcher/Ethical Hacker from India (Assam). In this article, I will describe how I found reflected XSS on IDFC Bank with Burp Suite Intruder. I am now offering 1:1 sessions to share my knowledge and expertise: topmate.io/santosh_kumar_sha SPECIAL Note: Don’t go outside test…

Ethical Hacking

4 min read


Jun 14, 2022

Automating reflected XSS with burp-suite Intruder

Hi everyone, my name is Santosh Kumar Sha. I’m a Security Researcher/Ethical Hacker from India (Assam). In this article, I will describe how I found multiple reflected XSS using Burp Suite Intruder. I am now offering 1:1 sessions to share my knowledge and expertise: topmate.io/santosh_kumar_sha SPECIAL COVID-19 Note: Don’t go outside without any reason…

Burpsuite

4 min read


Dec 25, 2021

HOW I Found 17 Critical and Medium Security Bug on INDUSIND Bank along AWS Metadata access

Hi everyone, my name is Santosh Kumar Sha. I’m a Security Researcher/Ethical Hacker from India (Assam). In this article, I will describe how I found 16 Critical and 1 Medium security bugs on IndusInd Bank, like SSRF AWS full access. I am now offering 1:1 sessions to share my knowledge…

Bug Bounty

5 min read


Dec 25, 2021

How I got access to Maxlifeinsurance insurance company customer PII INFO by AWS metadata access through SSRF

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will describe how I was able to find multiple SSRFs with AWS metadata access on a Maxlifeinsurance insurance company system and get access to their production server. I am now offering 1:1 sessions to…

Bug Bounty

5 min read


Dec 24, 2021

Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of INDIA).

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Tinsukia, Assam). In this article, I will describe how I was able to access millions of startup register details by SSRF AWS metadata exploitation. I am now offering 1:1 sessions to share my knowledge and expertise: …

Pentesting

6 min read


Dec 9, 2021

Exploiting S3 bucket with path folder to Access PII info of A BANK

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will describe how I exploited an S3 bucket with a path folder to access PII info of a bank using the AWS CLI. I am now offering 1:1 sessions to share my knowledge and expertise: …

Bug Bounty

6 min read


Aug 14, 2021

Finding multiple SSRF with aws metadata access on A BANK system

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will describe how I was able to find multiple SSRFs with AWS metadata access on a bank system and get access to their production server. I am now offering 1:1 sessions to…

Bug Bounty

4 min read


Jul 20, 2021

How I was able Find mass leaked AWS s3 bucket from js File

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will describe how I was able to find a mass leaked AWS S3 bucket from a JS file. I am now offering 1:1 sessions to share my knowledge and expertise: topmate.io/santosh_kumar_sha SPECIAL COVID-19 Note: Don’t go outside…

Bugcrowd

4 min read

Cloud Security Engineer | Security Researcher | Pentester | Bug bounty hunter | Penetration tester | CTF player | topmate.io/santosh_kumar_sha
