XXE injection is a type of web security vulnerability that allows an attacker to interfere with the way an application processes XML data. Successful exploitation allows an attacker to view files from the application’s server and interact with any external or backend systems that the application can access.

Understanding XML Entities


XML stands…

I’ve made it through the XSS chapter of Portswigger’s Web Security Academy, which I highly suggest. It has helped me a lot to understand XSS and other web vulnerabilities. The schedule for the next few articles will be Stored XSS, DOM XSS, XSS Challenge Walkthroughs.

Becoming a highly skilled hacking marksman

Stored XSS Explained

Stored Cross Site Scripting is…

so LEET bro


Python 2: python -m SimpleHTTPServer {port}

Python 3: python3 -m http.server {port}


I constantly have struggled with sharing files between my host machine and my Ubuntu or Kali Linux VM and I know there is a way to create shared folders between VM and host but f*ck it. It has…

This is going to be a long series of posts on Cross Site Scripting. I have had some experience with it in the past but I would be lying if I said I’ve done more than 5 XSS challenges in my life, however at this moment I’ve far exceeded that…

In my last post on CSRF I discussed the basics of the attack and offered, what I think is, a great analogy for anyone who has a tough time understanding it. This post will focus on the techniques you can use to bypass CSRF protections and achieve a successful attack.

1337 h@ck34

Information inspired from Real-World Bug Hunting. A fantastic book to get into web hacking/bug hunting

Understanding the Idea of Cross Site Request Forgery

A Metapahor

Cross Site Request Forgery (CSRF) is the next vulnerability that I have spent the last week and a half learning more about. For me the best way to understand CSRF is to compare…

Información del libro “Real-World Bug Hunting”. Un libro fantástico aprender más sobre la piratería informática y bug hunting.

HTTP Parameter Pollution es una vulnerabilidad donde un hacker agrega parámetros extras a un protocolo de comunicación HTTP lo cual hace que sitios web tengan comportamientos inesperados.

Server-Side HPP

En este tipo de vulnerabilidad…

Information inspired from Real-World Bug Hunting. A fantastic book to get into web hacking/bug hunting

HTTP Parameter Pollution (HPP) is a vulnerability in which a hacker appends extra parameters to an HTTP request making a website perform unexpected behavior. This vulnerability can be found on the client-side or the server-side.

Server-Side HPP


100 lines of code, 100 terminal commands, 100 payloads and 1337 hacks only. Twitter: @OneHckMN1

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store