XSS to Account Takeover: Bypassing CSRF Header Protection and HTTPOnly Cookie (Oct 29, 2019)
[Bug Bounty] Exploiting Cookie Based XSS by Finding RCE: When doing penetration testing on this target, I collaborated with YoKo Kho to get the highest privileges. In this paper you may find a little… (Sep 22, 2019)
AWS Metadata Disclosure via “Hardcoded Host” Download Function: When we visit a website, whether it is an application or a company profile, we sometimes find a link to… (Aug 22, 2019)
AWS Metadata Disclosure via “Hardcoded Host” Download Function: Sometimes, when visiting a website, we find a link to download files from that site. The downloaded file can be a guide, tutorial, or… (Aug 21, 2019)
Reflected XSS on Error Page: Sometimes to exploit an XSS (specifically Reflected XSS), we are focused on finding input pages such as Search Columns, etc. to find… (Jun 11, 2019)