PinnedUnusual 403 Bypass to a full website takeover [External Pentest]Today we’ll look at one of the external penetration tests that I carried out earlier this year. Due to the confidentiality agreement, we…Dec 25, 202219Dec 25, 202219
PinnedALWAYS test 404 Not Found in Bug Bounties!Hi everyone, today I want to show why you should always test websites that have no “/” directory and what many other Bug Bounty hunters…Feb 6, 20247Feb 6, 20247
PinnedSecret Input Header leads to Password Reset PoisoningHi Everyone, today I want to showcase why it is important to search for unkeyed headers and what it can lead to. The vulnerability has…Jan 18, 20241Jan 18, 20241
PinnedCrazy PII leak via API MisconfigurationHi everyone, today we’ll look at one of the external penetration tests that I carried out. The vulnerability has already been patched…Nov 2, 20232Nov 2, 20232
PinnedBypassing AWS WAF — A story of Stored XSS (P2)Today we’ll look at a penetration test that I carried out earlier this year. Due to the confidentiality agreement, we will use the usual…Oct 19, 2023Oct 19, 2023
Deep Diving into CVE-2023–46298: Resource Exhaustion in Next.jsHi Everyone, today I will do a bit of a different blog, which will be about my research on CVE-2023–46298, which was classified by Snyk as…Nov 8, 2023Nov 8, 2023
Escalating XSS with CRLF to Account Takeover (without stealing the Session token)Hi Everyone,Aug 25, 20232Aug 25, 20232
CSTI vulnerabilities will get you $$$ and this is whyHi everyone, today I want to talk about CSTI (Client-Side Template Injection) Vulnerabilities and how you can exploit those to execute…Apr 16, 20231Apr 16, 20231
My honest take on the eWPT exam — Positives, Negatives and Tips & TricksHi Everyone, today I want to talk about the eWPT exam by eLearnSecurity & the learning materials by INE — I will divide the whole…Mar 31, 2023Mar 31, 2023