Rahul Maini
@iamnoooob
Born February 8, 1998
Joined November 2014
Posts
  • Pinned
    I and @rootxharsh found and exploited a 0Day RCE in Apple's Travel Portal and were rewarded with $50K. Here's the write-up for that: github.com/httpvoid/write…
  • Here's our writeup of CVE-2021-26084 Confluence RCE now that it's out in public. Although, there are still a few mysteries to be solved. cc: @rootxharsh github.com/httpvoid/write…
  • I recently exploited an XXE with a very cool trick and wrote a blog post tl;dr; Exploiting XXE to read files when HTTP OOB is not allowed but errors are enabled :D noob.ninja/2019/12/spilli…
  • Just did Atlassian Confluence UnAuth RCE CVE-2021-26084 along with @rootxharsh. It was relatively simpler than expected :D
  • Here comes :D, my 2nd blog post: Local File Read via XSS in PDF (Generated on the Server Side) noob.ninja/2017/11/local-… similar to @bbuerhaus's PhantomJS LFR blog post
  • Been a long time since my last blog post. Here's a blog on Exploiting a Tricky SQLi inside LIMIT Clause that I was able to exploit with @securityidiots :D noob.ninja/2019/07/exploi…
  • Done writing my next blog post on "Escalating Low Severity Issues To High Severity" Hope you guys like it :D noob.ninja/2018/07/escala…
  • So we (me & @securityidiots) sat down together and wrote all we knew 😅 about XXE. Nothing new but could be a great reference for beginners. securityidiots.com/Web-Pentest/XX…
  • This person never ceases to amaze with his write-ups! SSRF to Potential RCE in Vimeo medium.com/@rootxharsh_90… by @rootxharsh
  • Got my first bounty reward of 2018 from @Google VRP :D Thank You Google VRP #BugBounty #xss
  • Excited to share that I've joined the team at @pdiscoveryio as a vulnerability researcher along with @rootxharsh. Looking forward to working with such a talented group and to the opportunities that lie ahead!
  • Was a great journey reading & learning the JNDI stuff! Everything was there in @orange_8361's blog to construct it :D
    Sat down with @iamnoooob and worked on the recent Mobileiron MDM RCE by @orange_8361 and what a great find, Here's an RCE PoC using JNDI Injection via local classloading reference triggered using Hessian deserialization as stated in the blog. github.com/iamnoooob/CVE-…
  • I failed on my first attempt but then I tried harder. Thanks, @offsectraining for the most awesome network Infrastructure Pentesting course made ever :D #OSCP
  • Managed to come #1 on @Bugcrowd monthly leaderboard this time 😁. Oh! and btw on my way to @nullcon so, do come and say hi tomorrow 😅 #ItTakesACrowd #nullcon #goa