hackcommander.github.io

Iván Santos Malpica
(Aka. HackCommander)

Mathematician and Computer Engineer / Pentester / Bug Bounty Hunter / CTF Player

Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls

March 06, 2023

Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.

web osint amass httpx gau kxss utm parameters burpsuite portswigger xss bypass

How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation

November 12, 2022

Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.

web burpsuite base64 metasploitable 2 xss exfiltrate cookies session hijacking php info page bypass

Time-based SQL injection in a login form

October 17, 2022

Partial disclosure of a bug bounty report: time-based SQL injection in login form.

web osint leakix portswigger burpsuite sql injection mysql information_schema sqlmap php info page

Reflected XSS bypassing HTML tag removal sanitization

September 20, 2022

Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.

web osint amass httpx burpsuite gau kxss xss python bypass sanitization

eJPT certification review

September 01, 2022

Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.

certification elearnsecurity ejpt pentesting

Iván Santos Malpica(Aka. HackCommander)

Recent Posts