Pinned | Rachid.A | Next.js and cache poisoning: a quest for the black hole | Blog migration, find my new article here… | Jun 24
Pinned | Rachid.A | WAF as a weapon and DOS as a bullet | Blog migration, find my new article here: https://zhero-web-sec.github.io/research-and-things/waf-as-a-weapon-and-dos-as-a-bullet | May 30
Pinned | Rachid.A in InfoSec Write-ups | DOS via cache poisoning | Today I'm going to talk about cache, denial of service, and a vulnerability I recently found in a very large company. | May 17, 2023
Rachid.A in InfoSec Write-ups | A web cache deception chained to a CSRF, the recipe | Recently, I received a bounty for a vulnerability discovered on an e-commerce site allowing the personal information, including the… | Oct 25, 2023
Rachid.A in InfoSec Write-ups | XSS Intigriti challenge 0523 | Let me explain how I overcame this XSS challenge set up by the bug bounty platform Intigriti. It may be a source of inspiration for… | May 29, 2023
Rachid.A in InfoSec Write-ups | A successful prototype pollution chained to a DOM XSS | I recently found a vulnerability that is a little less common and quite interesting in how it works. | Apr 10, 2023
Rachid.A in InfoSec Write-ups | An IDOR vulnerability often hides many others | Some errors are occasional, others result from poor design; in this case, finding one vulnerability allows you to find many others… | Jan 31, 2023
Rachid.A in InfoSec Write-ups | Creating your own tools to hunt bugs, a power often neglected | Creating your own tools based on the needs encountered while hunting bugs is a power that is often overlooked… | Jan 20, 2023
Rachid.A in InfoSec Write-ups | HTML injection in an email template | Send emails on behalf of a company? Here's how I found this vulnerability in several large companies, allowing me to easily earn bounties. | Jan 8, 2023