-
Critical SQL Injection in a Major Indonesian Web Hosting Platform
•
While exploring vulnerabilities in a major web hosting company in Indonesia, I discovered a critical SQL injection vulnerability…
-
Breaking Vercel’s Clone URL with a Simple XSS Exploit
•
During my exploration of Vercel’s platform, I discovered a reflected XSS vulnerability in the “clone project” functionality. This…
-
Bypassing Razer’s WAF for XSS
•
While testing Razer’s web application, I identified an XSS vulnerability in their /ajax endpoint. The issue arises due…
-
Finding WordPress Vulnerabilitieson CarGurus with WPScan
•
While exploring CarGurus’ bug bounty program, I discovered a reflected XSS vulnerability on their subdomain dealercentre.cargurus.co.uk. This writeup…
-
N45HTCTF2023
•
N45HTCTF2023 | “Cyber Security and Indonesian History” N45HT held a CTF (Capture the Flag) event to celebrate independence…
-
Stored XSS on Chess24.com
•
I recently registered on Chess24.com and, after playing a few games, decided to conduct a quick security analysis…
-
XSS: Bypass CloudFront WAF
•
In this article, we will share how we successfully bypassed the CloudFront WAF (Web Application Firewall) to exploit…
-
Exploiting HTTPStatus.io: An XSS via Protocol Handling
•
httpstatus.io is a tool that allows you to check HTTP status codes, headers, and redirects. For example, when…
Recent Posts
- Critical SQL Injection in a Major Indonesian Web Hosting Platform
While exploring vulnerabilities in a major web hosting company in… Read more: Critical SQL Injection in a Major Indonesian Web Hosting Platform - Breaking Vercel’s Clone URL with a Simple XSS Exploit
During my exploration of Vercel’s platform, I discovered a reflected… Read more: Breaking Vercel’s Clone URL with a Simple XSS Exploit - Bypassing Razer’s WAF for XSS
While testing Razer’s web application, I identified an XSS vulnerability… Read more: Bypassing Razer’s WAF for XSS - Finding WordPress Vulnerabilitieson CarGurus with WPScan
While exploring CarGurus’ bug bounty program, I discovered a reflected… Read more: Finding WordPress Vulnerabilitieson CarGurus with WPScan - N45HTCTF2023
N45HTCTF2023 | “Cyber Security and Indonesian History” N45HT held a… Read more: N45HTCTF2023
Social Media
Advertisement
Tags
API Bug Bounty Capture The Flag Cross-site Scripting CTF ExifTool HTML JavaScript Open Redirection PHP SQL Injection VDP WAF Web Application Firewall XSS XSSR XSSRush