Web Application Security Series
Latest Articles
Adding Certificates to Postman & Burp Suite for API Testing
Testing APIs with Certificate-based authentication
Nairuz Abulhul
Apr 30
Injections
RCE with Server-Side Template Injection
Python Flask Application with Jinja2 Template — Doctor HTB machine
Nairuz Abulhul
Nov 19, 2021
XSS to Exfiltrate Data from PDFs
Inject Server-Side XSS into dynamically generated PDFs
Nairuz Abulhul
Jul 3, 2021
Bypass Authentication with SQL Truncation Attack
Injection Attacks, SQL Truncation, OWASP Top 10
Nairuz Abulhul
Jun 23, 2021
Eval(“console.log(‘RCE Warning’)”)
Remote Code Execution in Node.js using the Eval function — Dibble
Nairuz Abulhul
Oct 30, 2021
Chaining H2 Database Vulnerabilities for RCE
Remote Code Execution in H2 Database Engine
Nairuz Abulhul
Mar 6, 2021
What to do with XXE Vulnerability ?!!
Enumeration, Data Exfiltration, and SSRF Attacks
Nairuz Abulhul
Jan 14, 2021
Abusing SSRF on Selenium Grid
Basic Server-Side Request Forgery on Selenium Grid Framework
Nairuz Abulhul
Dec 4, 2020
Insecure Deserialization with JSON .NET
Remote Code Execution through Insecure Deserialization Vulnerability
Nairuz Abulhul
Nov 25, 2020
Error-Based XPath SQL Injection in OpenEMR
Data Exfiltration in OpenEMR 2018 v5.0.1
Nairuz Abulhul
Nov 15, 2020