PGP
HackerOne
Yogosha
YesWeHack
TryHackMe
HackTheBox
CodeWars
Buy Me a Coffee
Breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer
Partial disclosure of a bug bounty report: breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer.
Posts by Tag
- web 13
- burpsuite 11
- osint 9
- xss 7
- portswigger 7
- amass 6
- httpx 6
- bypass 5
- gau 3
- kxss 3
- sql injection 2
- mysql 2
- sqlmap 2
- php info page 2
- burp scanner 2
- vulnyx 2
- nmap 2
- command injection 2
- certification 1
- elearnsecurity 1
- ejpt 1
- pentesting 1
- python 1
- sanitization 1
- leakix 1
- information_schema 1
- base64 1
- metasploitable 2 1
- exfiltrate cookies 1
- session hijacking 1
- utm parameters 1
- http request smuggling 1
- sop 1
- cors 1
- vps 1
- reconftw 1
- nuclei 1
- subdomain takeover 1
- collaboration 1
- google dorking 1
- 0iq 1
- gtfobins 1
- binary exploitation 1
- arbitrary file upload 1
- ffuf 1
- directory listing 1
- cronjob 1
- life hacking event 1
- hackernight 1
- rootedcon 1
- yogosha 1
- first blood 1
- nikto 1
- mod_proxy_balancer 1
- ssrf 1
web
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
VulNyx: HackingStation
Writeup of the machine HackingStation from VulNyx.
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
burpsuite
Breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer
Partial disclosure of a bug bounty report: breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer.
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
osint
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
xss
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
portswigger
Breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer
Partial disclosure of a bug bounty report: breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer.
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
amass
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
httpx
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
bypass
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
gau
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
kxss
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
sql injection
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
mysql
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
sqlmap
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
php info page
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
burp scanner
Breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer
Partial disclosure of a bug bounty report: breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
vulnyx
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
VulNyx: HackingStation
Writeup of the machine HackingStation from VulNyx.
nmap
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
VulNyx: HackingStation
Writeup of the machine HackingStation from VulNyx.
command injection
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
VulNyx: HackingStation
Writeup of the machine HackingStation from VulNyx.
certification
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
elearnsecurity
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
ejpt
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
pentesting
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
python
sanitization
leakix
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
information_schema
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
base64
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
metasploitable 2
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
exfiltrate cookies
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
session hijacking
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
utm parameters
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
http request smuggling
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
sop
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
cors
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
vps
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
reconftw
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
nuclei
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
subdomain takeover
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
collaboration
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
google dorking
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
0iq
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0, defeating automation through manual exploitation.
gtfobins
VulNyx: HackingStation
Writeup of the machine HackingStation from VulNyx.
binary exploitation
VulNyx: HackingStation
Writeup of the machine HackingStation from VulNyx.
arbitrary file upload
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
ffuf
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
directory listing
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
cronjob
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
life hacking event
HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
hackernight
HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
rootedcon
HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
yogosha
HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
first blood
HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
nikto
Breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer
Partial disclosure of a bug bounty report: breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer.
mod_proxy_balancer
Breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer
Partial disclosure of a bug bounty report: breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer.
ssrf
Breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer
Partial disclosure of a bug bounty report: breaking the perimeter by exploiting routing-based SSRF via a misconfigured load balancer.