HackerOne
TryHackMe
HackTheBox
CodeWars
Buy Me a Coffee
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
Posts by Tag
- web pentesting 8
- osint 7
- xss 6
- burpsuite 6
- amass 5
- httpx 5
- portswigger 5
- bypass 3
- gau 2
- kxss 2
- php info page 2
- elearnsecurity 1
- ejpt 1
- pentesting 1
- python 1
- sanitization 1
- leakix 1
- sql injection 1
- mysql 1
- information_schema 1
- sqlmap 1
- base64 1
- metasploitable 2 1
- exfiltrate cookies 1
- session hijacking 1
- utm parameters 1
- burp scanner 1
- http request smuggling 1
- sop 1
- cors 1
- vps 1
- reconftw 1
- nuclei 1
- subdomain takeover 1
web pentesting
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
osint
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
xss
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
burpsuite
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
amass
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
httpx
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
portswigger
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
bypass
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
gau
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
kxss
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
php info page
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
elearnsecurity
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
ejpt
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
pentesting
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
python
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
sanitization
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
leakix
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
sql injection
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
mysql
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
information_schema
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
sqlmap
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
base64
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
metasploitable 2
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
exfiltrate cookies
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
session hijacking
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
utm parameters
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
burp scanner
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
http request smuggling
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
sop
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
cors
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
vps
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
reconftw
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
nuclei
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
subdomain takeover
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.