Hello Hunters! Today’s topic is about CVE 2021–41773. Without further delay let’s get start.


A vulnerability has been found in Apache HTTP Server 2.4.49 and classified as critical. This vulnerability affects an unknown code of the component Path Normalization. The manipulation with an unknown input lead to a Local File Inclusion. The CWE definition for the vulnerability is CWE-22. As an impact it is known to affect confidentiality, CVE-2021–41773 has been exploited in the wild as a zero-day.



  • Search Query 1: Apache 2.4.49
  • Search Query 2: Server: Apache/2.4.49

Hellow folks! I hope you’re well! In this writeup I’ll tell you how I become low privilege user to an Admin. So without further delay let’s get started.

I was hunting on private program of Bugcrowd. That company was providing Cloud Security, Network Security, etc. (Related to Cyber Security). I…

Hellow bug hunters! I’m back again with another writeup. Mostly I don’t show off my bounties🤑 . But this writeup is not for bounty purpose. I’ll tell you what mistakes I have done and which you shouldn’t repeat for the same bug like I did. I’ll also share with you…

Hello friends! In this article, We are going to see How to Identify, Mass hunt and Exploit Moodle.

What is Moodle?

Moodle is a free and open-source learning management system (LMS) written in PHP and distributed under the GNU General Public License. …

After getting lots of requests for bypass WAF in my DMs about my previous writeup. I decided to make writeup. “Knowledge is free”. Without any delay let’s start.

I hope you guys are know about SQL Injection and their type. …

Hello folks! How are you all? I hope you’re doing great. I’m back again with very interesting writeup I hope you’ll enjoy. So, without wasting time let’s get started.

I was hunting on private program as it is. I spent almost 2 days on the target. There was very less…

Hey hunters! This writeup is related with my previous writeup. I’ll share with you how I was able to bypass 403 Forbidden. So, Let’s get start.

While hunting on private program I got 403 Forbidden on erp.redacted.com/plesk-stat.

Hello folks! I’m back again with my another writeup. This writeup is about Microsoft Hall of fame that I am able to find Information Disclosure in domain of Microsoft. And I will also share my template which was released yesterday. So, without any delay let’ begin.

I performed initial recon…

Hello friends, I hope you are hunting well in this pandemic. In this writeup I will tell you How I got Hall of fame. Actually, not accidental but “Observation wins”. So, without wasting time let’s get started.

As usual I was hunting on responsible programs. So, I chose Netherlands’s University…

If you know you know

Hello Folks! How’re you? I hope you’re doing well. I’m Dipak (th3.d1p4k) from India . In this writeup I will going to tell you that How I got my first bounty and approach to hunt bug.

This is my first writeup of my first bug bounty. I’ll be sharing my…


Bug hunter | CCSE

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store