hackcommander.github.io

Iván Santos Malpica
(Aka. HackCommander)

Mathematician and Computer Engineer / Pentester / Bug Bounty Hunter / CTF Player

How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation

November 12, 2022

Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.

Time-based SQL injection in a login form

October 17, 2022

Partial disclosure of a bug bounty report: time-based SQL injection in login form.

web osint leakix portswigger burpsuite sql injection mysql information_schema sqlmap php info page

Reflected XSS bypassing HTML tag removal sanitization

September 20, 2022

Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.

web osint amass httpx burpsuite gau kxss xss python bypass sanitization

eJPT certification review

September 01, 2022

Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.

certification elearnsecurity ejpt pentesting

Iván Santos Malpica(Aka. HackCommander)

Recent Posts

How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation

Time-based SQL injection in a login form

Reflected XSS bypassing HTML tag removal sanitization

eJPT certification review

Iván Santos Malpica
(Aka. HackCommander)