Exploiting XXE and SSRF Vulnerabilities in Tibco WebFOCUS and Epson ePOS PrinterIn today’s post, I’ll discuss a recent discovery I made while hunting on a private bug bounty program. During this, I uncovered several XML…Aug 14Aug 14
Breaking the Barrier: Remote Code Execution via SSTI in FreeMarker Template EngineIn 2023, I discovered a significant vulnerability in an application that was using outdated version of the FreeMarker template engine. The…Jul 6, 2023Jul 6, 2023
Exploiting DOM Based XSS via Misconfigured postMessage() FunctionToday, we will be discussing how to exploit DOM-based XSS through Misconfigured Postmessage function. Two sites can communicate with each…Mar 31, 2022Mar 31, 2022
PDFReacter SSRF to ROOT Level Local File Read which led to RCEWhat is PDFReacter? - PDFReacter is a parser which parses HTML content from HTML to PDF.Apr 18, 20193Apr 18, 20193
Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack HackersOne day I was playing with a tool debookee (Network Traffic Interception) in the office, I noticed that the tool was intercepting facebook…Apr 6, 20194Apr 6, 20194
Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack.While testing an application, there was a module “Delete User” in which an admin can delete any user.Mar 12, 20191Mar 12, 20191
Abusing ACL Permissions to Overwrite other User’s Uploaded Files/Videos on s3 BucketHi all, Today I am writing a blog about on a recent finding on HackerOne’s one of the program. I was looking for IDORs in an application…Dec 30, 2018Dec 30, 2018
Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )Hi everyone, After completing my OSCP certification I thought to give a try to bug bounty, as OSCP has sharpened my exploitationSkills.Sep 18, 20183Sep 18, 20183
How i hacked my Internet Service Provider and automated the attack. ( Hacked to Learn)I’ll be using victim.com as a site name in the article as i cannot disclose the name.It was a normal day and i was looking for some good…Feb 17, 20184Feb 17, 20184
Published inInfoSec Write-upsChaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss)while i was testing the web application i have found self xss. which has no impact. but i wanted to exploit this vulnerability, so have…Sep 18, 20171Sep 18, 20171