[Pinned] Unusual 403 Bypass to a full website takeover [External Pentest]
Viktor Mares · 4 min read · Dec 25, 2022
Today we’ll look at one of the external penetration tests that I carried out earlier this year. Due to the confidentiality agreement, we…

[Pinned] ALWAYS test 404 Not Found in Bug Bounties!
Viktor Mares · 4 min read · Feb 6, 2024
Hi everyone, today I want to show why you should always test websites that have no “/” directory and what many other Bug Bounty hunters…

[Pinned] Secret Input Header leads to Password Reset Poisoning
Viktor Mares · 5 min read · Jan 18, 2024
Hi Everyone, today I want to showcase why it is important to search for unkeyed headers and what it can lead to. The vulnerability has…

[Pinned] Crazy PII leak via API Misconfiguration
Viktor Mares · 3 min read · Nov 2, 2023
Hi everyone, today we’ll look at one of the external penetration tests that I carried out. The vulnerability has already been patched…

[Pinned] Bypassing AWS WAF — A story of Stored XSS (P2)
Viktor Mares · 3 min read · Oct 19, 2023
Today we’ll look at a penetration test that I carried out earlier this year. Due to the confidentiality agreement, we will use the usual…

Deep Diving into CVE-2023-46298: Resource Exhaustion in Next.js
Viktor Mares · 5 min read · Nov 8, 2023
Hi Everyone, today I will do a bit of a different blog, which will be about my research on CVE-2023-46298, which was classified by Snyk as…

Escalating XSS with CRLF to Account Takeover (without stealing the Session token)
Viktor Mares · 5 min read · Aug 25, 2023
Hi Everyone,…

Image upload leads to Mass Account Takeover & PII leak
Viktor Mares · 4 min read · Aug 4, 2023
Hi Everyone,…

CSTI vulnerabilities will get you $$$ and this is why
Viktor Mares · 3 min read · Apr 16, 2023
Hi everyone, today I want to talk about CSTI (Client-Side Template Injection) Vulnerabilities and how you can exploit those to execute…

My honest take on the eWPT exam — Positives, Negatives and Tips & Tricks
Viktor Mares · 6 min read · Mar 31, 2023
Hi Everyone, today I want to talk about the eWPT exam by eLearnSecurity & the learning materials by INE — I will divide the whole…