Besides bXSSHave you seen someone sharing a vulnerability other than Blind XSS that was found in a contact form? — TBH I have never encountered such a…Jan 41Jan 41
Account TakeOver | Abusing the Application logic flaw in the reset password functionalityWhile hunting on a well tested program on bugcrowd, or so it seemed. I came accross an interesting find.Jan 42Jan 42
XML external entity (XXE) injectionIn todays writeup, i will dwell on yet another web vulnerability type from https://portswigger.net/web-security/xxe that allows the…Jun 7, 2024Jun 7, 2024
Race Conditionsin this write up, i will briefly discuss what race conditions are and ways to mitigate them.May 18, 2024May 18, 2024
File upload vulnerabilities | PortswiggerHere, we will learn how simple file upload functionalities can be used as a powerful vector for a number of high-severity attacks.Apr 30, 2024Apr 30, 2024
HTTP request smugglingHello Everyone, this is yet another continuation to the HTTP request smuggling smuggling. This writeup is meant to cover the advanced…Apr 21, 2024Apr 21, 2024
HTTP Request SmugglingWelcome to another walk through on HTTP request smuggling as provided by https://portswigger.net/web-security/request-smugglingApr 12, 2024Apr 12, 2024
NoSQL injectionNoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database…Jan 12, 2024Jan 12, 2024
Insecure De-serializationSerialization is the process of converting complex data structures, such as objects and their fields, into a “flatter” format that can be…Jan 6, 2024Jan 6, 2024
