Mario

839 Followers


Dec 1, 2022

Investigate Phone Number In Indonesia

This post focuses heavily on phone number investigation in Indonesia, but the method can be used in general too. Phone numbers in Indonesia usually have 10 to 12 digits, depending on the operator/provider. Indonesia's country code is +62. 0813-445x-xxxx: the first four digits are the operator code (0812, 0813, 0823, 0818, 0819 etc)…

OSINT

4 min read



Nov 23, 2022

Create Sock Puppet Profile For OSINT Investigation

It’s been a while since my last post in this blog. Two years back I got lost in OSINT, so I’ll post here what I’ve learned so far. I’ve been using OSINT in my work, such as doing investigations with the news gathering team, protecting the company brand with the legal team etc. …

OSINT

3 min read



Published in InfoSec Write-ups · Jun 26, 2018

Server Side Request Forgery (SSRF) Testing

Well, this story is just for fun testing SSRF, not a bounty write-up. I found a random website that is vulnerable to SSRF, but in order to exploit it I should convert my input to base64. Here is the site http://playfreedownloadgames.com:2483/proxy.php?url=aHR0cDovL3d3dy50b3A4MHNnYW1lcy5jb20vc2l0ZS9jb250ZW50L3BhY21hbg==. …

Nginx

2 min read



Published in InfoSec Write-ups · Feb 5, 2018

SQL injection with load file and into outfile

Well, this submission made me get the patient badge on h1 coz it’s more than 6 months (1 year) hehehehehe. I got a SQLi vulnerability when testing with an apostrophe ('). Sorry for the redacted guys. 😛 I registered as an affiliate on the web as usual. Then got redirected to POST…

SQL

2 min read



Published in InfoSec Write-ups · Jan 15, 2018

Command Injection PoC

So back in December 2017 I found a command injection vulnerability in one of the job listing sites. Here is the simple proof of concept. The vulnerable parameter is filename. I tested with this command `sleep 5` and the response was delayed for 5–6 seconds (6.113 millis). …

RCE

3 min read



Jun 22, 2017

Cross-Site Scripting in Geovision GeoHttpServer

While doing recon in Shodan, I found that the Geovision GeoHttpServer script is vulnerable to Cross-Site Scripting (XSS). I don’t know which versions are vulnerable to this. By using the POST method I was able to execute an XSS payload. I have checked on cvedetails in this one and this one and there…

Security

2 min read



Jun 6, 2017

Cookie-Based Cross-Site Scripting (XSS)

This vulnerability counts as low to medium risk. All you need is to install the Cookies Manager+ add-on in Firefox, or any other add-on/plugin used to manipulate cookies. Browse the page as usual. Open Cookies Manager+ and search for the vulnerable cookie parameter, in this example the C_UL parameter. Double-click on it, change the content to an XSS payload, and save it.

Security

1 min read



Jun 6, 2017

LFI to RCE via access_log injection

Hi guys, just wanna share a trick from Local File Inclusion/File Path Traversal to Remote Code Execution by injecting the access_log. I have a target http://proqualitycontrol.com/index.php?page=aboutus and it’s vulnerable to LFI/FPT. It’s a live website. Inject the target with the ../../../../../../../../../../../../../../../etc/passwd%00 payload. Now change it to /etc/httpd/conf/httpd.conf. Not all httpd.conf path is…

Bug Bounty

2 min read



Security Researcher & OSINT Enthusiast
