# Vulnerabilities in Wild

- [Hiring Platform Exposing Thousands of User's Data](https://dmdhrumilmistry.gitbook.io/home/blog/vulnerabilities-in-wild/hiring-platform-exposing-thousands-of-users-data.md): This page describes vulnerabilities that can lead to a leak of thousands of users' data.
- [Security Analysis of the Indian Government's Student Assessment Platform](https://dmdhrumilmistry.gitbook.io/home/blog/vulnerabilities-in-wild/security-analysis-of-the-indian-governments-student-assessment-platform.md): This post discusses various security concerns regarding an Indian Government platform that is used to assess lakhs of students across India.
- [Exploiting S3 bucket misconfiguration to dump users emails](https://dmdhrumilmistry.gitbook.io/home/blog/vulnerabilities-in-wild/exploiting-s3-bucket-misconfiguration-to-dump-users-emails.md): This page is a writeup of how a misconfigured Amazon S3 bucket was found leaking several users' emails and other docs in the public domain.
- [Getting Shell Access to ADB Exposed Smart Devices 📲📺⌚](https://dmdhrumilmistry.gitbook.io/home/blog/vulnerabilities-in-wild/getting-shell-access-to-adb-exposed-smart-devices.md): Exploiting exposed ADB ports to get shell access to various smart devices such as smart TVs, cameras, etc.
- [Hacking Mumbai's Metro ChatBot and APIs for FUN 🤸🏻‍♂️](https://dmdhrumilmistry.gitbook.io/home/blog/vulnerabilities-in-wild/hacking-mumbais-metro-chatbot-and-apis-for-fun.md): This blog post is about the time when I hacked into Mumbai's Metro Booking System, from ChatBot to SQLi and breaking encryption.
- [Random Object Referencing IDs Still Aren't Safe in APIs 💥](https://dmdhrumilmistry.gitbook.io/home/blog/vulnerabilities-in-wild/random-object-referencing-ids-still-arent-safe-in-apis.md): This post discusses common bad practices when using UUIDs and GUIDs that could lead to vulnerabilities in software/web applications.
- [Exploring Weird Account TakeOver (ATO) Vulnerabilities in APIs](https://dmdhrumilmistry.gitbook.io/home/blog/vulnerabilities-in-wild/exploring-weird-account-takeover-ato-vulnerabilities-in-apis.md)
