-
Exploiting HTTPStatus.io: An XSS via Protocol Handling
•
httpstatus.io is a tool that allows you to check HTTP status codes, headers, and redirects. For example, when…
-
Stored XSS on LaporBug.id: Injecting Payloads through Profile Images
•
LaporBug.id is a Bug Bounty Platform based in Indonesia. If you want to know more about LaporBug.id, visit…
-
Exploiting %0A Injection for XSS on Samsung
•
I began by searching for subdomains using Sublist3r and then checked the HTTP status codes for each subdomain…
-
POST-based XSS on DomaiNesia
•
DomaiNesia is a company that offers domain registration, web hosting, VPS, and other related services. In this report,…
-
Reflected XSS Hidden Input in AT&T
•
During my testing of AT&T’s common login page, I discovered a reflected XSS vulnerability in the transactionID parameter.…
-
XSS 101
•
What is XSS? Cross-site scripting (XSS) is the most common vulnerability in web applications and allows an attacker…
-
Stored DOM-based XSS on Xiaomi
•
Yesterday, I discovered a Stored Cross-Site Scripting (XSS) vulnerability on the Xiaomi Forum via Markdown. Today, I’ve found…
-
WinRAR XSS
•
A few days ago, I discovered a Cross-site Scripting (XSS) vulnerability in WinRAR. In this article, I’ll walk…
Recent Posts
- Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat
AI-generated chat messages are becoming a cornerstone of modern digital… Read more: Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat - Critical SQL Injection in a Major Indonesian Web Hosting Platform
While exploring vulnerabilities in a major web hosting company in… Read more: Critical SQL Injection in a Major Indonesian Web Hosting Platform - Breaking Vercel’s Clone URL with a Simple XSS Exploit
During my exploration of Vercel’s platform, I discovered a reflected… Read more: Breaking Vercel’s Clone URL with a Simple XSS Exploit - Bypassing Razer’s WAF for XSS
While testing Razer’s web application, I identified an XSS vulnerability… Read more: Bypassing Razer’s WAF for XSS - Finding WordPress Vulnerabilities on CarGurus with WPScan
While exploring CarGurus’ bug bounty program, I discovered a reflected… Read more: Finding WordPress Vulnerabilities on CarGurus with WPScan
Social Media
Advertisement
Tags
API Bug Bounty Capture The Flag Cross-site Scripting CTF ExifTool HTML JavaScript Markdown Open Redirection PHP SQL Injection VDP WAF Web Application Firewall XSS XSSR XSSRush