Rahul Raj

Security Researcher

About Me

I'm a web application security researcher, penetration tester and a bug bounty hunter.


Things that I'm good at.

Web Application
Mobile Apps


My Recent Write-ups

Disable Instant Articles CTA as an Analyst

Intro: Facebook launched Call to Action (CTA) Units for Instant Articles, which allows any Facebook Page to prompt readers to take a specific action. Since it was a new feature, I thought to give it a try and I started testing it with different roles on the Page. Details: After setting up call to action […]

Reflected Cross Site Scripting in Yahoo Subdomain

Intro: Hi guys, this is my first blog post, so pardon me for mistakes. I found this bug way back in 2014 when Yahoo’s bug bounty was launched on HackerOne. Yahoo has a huge scope under their bug bounty program. Details: URL: https://tw.user.bid.yahoo.com POC: https://tw.user.bid.yahoo.com/tw/uconfig/multinpbremind?.done=javascript:alert(“XSS”) I normally started by enumerating sub-domains and found Yahoo’s […]