HackerOne
TryHackMe
HackTheBox
CodeWars
Buy Me a Coffee
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
Posts by Year
2023
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
2022
How to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation
Pentesting article: how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
Time-based SQL injection in a login form
Partial disclosure of a bug bounty report: time-based SQL injection in login form.
Reflected XSS bypassing HTML tag removal sanitization
Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
eJPT certification review
Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.