Viktor Mares (pinned): Unusual 403 Bypass to a full website takeover [External Pentest] (Dec 25, 2022)
Today we’ll look at one of the external penetration tests that I carried out earlier this year. Due to the confidentiality agreement, we…

Viktor Mares (pinned): ALWAYS test 404 Not Found in Bug Bounties! (Feb 6)
Hi everyone, today I want to show why you should always test websites that have no “/” directory and what many other Bug Bounty hunters…

Viktor Mares (pinned): Secret Input Header leads to Password Reset Poisoning (Jan 18)
Hi everyone, today I want to showcase why it is important to search for unkeyed headers and what it can lead to. The vulnerability has…

Viktor Mares (pinned): Crazy PII leak via API Misconfiguration (Nov 2, 2023)
Hi everyone, today we’ll look at one of the external penetration tests that I carried out. The vulnerability has already been patched…

Viktor Mares (pinned): Bypassing AWS WAF: A story of Stored XSS (P2) (Oct 19, 2023)
Today we’ll look at a penetration test that I carried out earlier this year. Due to the confidentiality agreement, we will use the usual…

Viktor Mares: Deep Diving into CVE-2023-46298: Resource Exhaustion in Next.js (Nov 8, 2023)
Hi everyone, today I will do a bit of a different blog, which will be about my research on CVE-2023-46298, which was classified by Snyk as…

Viktor Mares: Escalating XSS with CRLF to Account Takeover (without stealing the Session token) (Aug 25, 2023)
Hi everyone,

Viktor Mares: Image upload leads to Mass Account Takeover & PII leak (Aug 4, 2023)
Hi everyone,

Viktor Mares: CSTI vulnerabilities will get you $$$ and this is why (Apr 16, 2023)
Hi everyone, today I want to talk about CSTI (Client-Side Template Injection) vulnerabilities and how you can exploit those to execute…

Viktor Mares: My honest take on the eWPT exam: Positives, Negatives and Tips & Tricks (Mar 31, 2023)
Hi everyone, today I want to talk about the eWPT exam by eLearnSecurity and the learning materials by INE. I will divide the whole…