sahiloj/README.md

Hi 👋, I'm Sahil Ojha

A passionate Offensive Security Researcher and Application Penetration Tester.

  • 🔭 I’m currently working on Application, Network Infrastructures and Cloud Security

  • 📝 I sometimes write blogs on https://sahilojha.com.np

  • 📜 Go through my 18 published CVEs

  • 💬 Ask me about Cybersecurity, Penetration Testing, Red Teaming, Security Solutions Engineering and Bug Bounty Hunting.

  • 📫 How to reach me: Twitter - @SahilOj

  • ⚡ Fun fact: 🏍 Moto Ride

Connect with me:

sahiloj sahilojha @sahiloj

Languages and Tools:

azure aws gcp bash docker kubernetes git javascript linux php postman python

Pinned

  1. MCPScan (Public)

    Offensive MCP server auditor — detects tool poisoning, credential leaks, RCE vectors, SSRF, session hijacking, and supply chain vulnerabilities across stdio, HTTP, and SSE transports.

    TypeScript 5

  2. CVE-2025-5352 (Public)

    A stored XSS vulnerability exists in the Analytics component of lunary-ai/lunary where NEXT_PUBLIC_CUSTOM_SCRIPT is injected into the DOM using dangerouslySetInnerHTML without sanitization. An atta…

    1

  3. CVE-2023-31702 (Public)

    CVE-2023-31702 is an authenticated SQL Injection vulnerability discovered in MicroWorld Technologies eScan Management Console version 14.0.1400.2281.

    2 1

  4. CVE-2023-33730 (Public)

    eScan Management Console version 14.0.1400.2281 contains a privilege escalation: the `GetUserCurrentPwd` function lets attackers retrieve any user's password in plain text.

    1 1

  5. CVE-2023-34839 (Public)

    CVE-2023-34839 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in Issabel PBX version 4.0.0-6, a widely used open-source Unified Communications platform.

    HTML 5 3