The N45HT Blog – Peeking Into the Shadows of Cybersecurity

Skip to content

The N45HT Blog

HOME
LEARNING
TOOLS
NEWS
RESEARCH

Finding WordPress Vulnerabilities on CarGurus with WPScan

XAdmin

•

August 19, 2023

While exploring CarGurus’ bug bounty program, I discovered a reflected XSS vulnerability on their subdomain dealercentre.cargurus.co.uk. This writeup…
N45HTCTF2023

XAdmin

•

July 21, 2023

N45HTCTF2023 | “Cyber Security and Indonesian History” N45HT held a CTF (Capture the Flag) event to celebrate independence…
Stored XSS on Chess24.com

Choirur Rizal

•

June 24, 2023

I recently registered on Chess24.com and, after playing a few games, decided to conduct a quick security analysis…
XSS: Bypass CloudFront WAF

Choirur Rizal

•

June 21, 2023

In this article, we will share how we successfully bypassed the CloudFront WAF (Web Application Firewall) to exploit…
Exploiting HTTPStatus.io: An XSS via Protocol Handling

Choirur Rizal

•

April 15, 2023

httpstatus.io is a tool that allows you to check HTTP status codes, headers, and redirects. For example, when…
Stored XSS on LaporBug.id: Injecting Payloads through Profile Images

Choirur Rizal

•

November 29, 2022

LaporBug.id is a Bug Bounty Platform based in Indonesia. If you want to know more about LaporBug.id, visit…
Exploiting %0A Injection for XSS on Samsung

Choirur Rizal

•

November 28, 2022

I began by searching for subdomains using Sublist3r and then checked the HTTP status codes for each subdomain…
POST-based XSS on DomaiNesia

Choirur Rizal

•

November 27, 2022

DomaiNesia is a company that offers domain registration, web hosting, VPS, and other related services. In this report,…

←Previous Next→

Search

Recent Posts

Drupal CVE-2026-9082 Checker
We recently created a small Python tool to detect CVE-2026-9082,… Read more: Drupal CVE-2026-9082 Checker
We’re Hiring — Node.js Cybersecurity Expert
N45HT is currently looking for a talented and experienced Node.js… Read more: We’re Hiring — Node.js Cybersecurity Expert
Exposed Production Database Found on Sitemile.com
While browsing for WordPress themes, I came across sitemile.com. After… Read more: Exposed Production Database Found on Sitemile.com
YesWeHack Dojo – RubitMQ
Initial Ruby Application Code: The application processes user-supplied data by… Read more: YesWeHack Dojo – RubitMQ
Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat
AI-generated chat messages are becoming a cornerstone of modern digital… Read more: Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat

Social Media

Twitter
Instagram
LinkedIn
Facebook

Advertisement

Tags

API Bug Bounty Capture The Flag Command Injection Cross-site Scripting CTF CVE-2026-9082 Drupal ExifTool HTML Information Disclosure JavaScript Markdown Open Redirection PHP SQL Injection VDP WAF Web Application Firewall XSS XSSR XSSRush

Connect With Us

Bali, Indonesia
[email protected]

Twitter
Instagram
Facebook

Categories

Learning
Tools
News
Research

N45HT

About
Contact
Products
Security

Search

Looking for something specific? Try a search below!

Search

Copyright © 2023 | Made with love by SuperbThemes