Hello Everyone, During a recent security assessment of Stanford University’s domains, I uncovered two XSS vulnerabilities. XSS is vulnerability which let users to execute javascript in the application. …

Hello everyone, Recently, I discovered instances of account takeover resulting from password reset manipulation at both Cambridge and Drexel University. Regarding Drexel, I was so much excited to know that my fourth security issue discovery was acknowledged, following the resolution of three duplicate Cross-site scripting vulnerabilities. Password reset poisoning is…

Hey, Everyone… Its been a while since I tried pentesting metasploitable 3 windows machine and had also written the report. Today, I want to share it with you. Any suggestions and constructive feedback is heartily welcomed. Information gathering and Scanning Passive Information Gathering Metasploitable3 is a VM that is built from the ground up with a large…

Hello everyone, This blog is about how I found LFI in domains using automation tools and google dorking, Let’s kick off. First of all, Local File Inclusion (LFI) is the web vulnerability that allows attacker to access the file on the server. …

Hello everyone, This is my first writeup about security finding (cross site scripting) in the uneca.org which helped me to be enlisted in the UN Hall of Fame. Let’s, First discuss about cross site scripting (xss) and why it is security issue to any organization. XSS is all about executing…