About The Author
-

Exposed Production Database Found on Sitemile.com
While browsing for WordPress themes, I came across sitemile.com. After checking the technologies used on the site with…
-

Breaking Vercel’s Clone URL with a Simple XSS Exploit
During my exploration of Vercel’s platform, I discovered a reflected XSS vulnerability in the “clone project” functionality. This…
-

Finding WordPress Vulnerabilities on CarGurus with WPScan
While exploring CarGurus’ bug bounty program, I discovered a reflected XSS vulnerability on their subdomain dealercentre.cargurus.co.uk. This writeup…
-

Reflected XSS Hidden Input in AT&T
During my testing of AT&T’s common login page, I discovered a reflected XSS vulnerability in the transactionID parameter.…
-

$300 Bounty for Exploiting DOM-based XSS
While analyzing XING’s event management platform, I identified a reflected XSS vulnerability in the way event IDs are…
Recent Posts
- XSSR Pro is Now Available for FreeWe’re excited to announce that XSSR Pro is now available… Read more: XSSR Pro is Now Available for Free
- Drupal CVE-2026-9082 CheckerWe recently created a small Python tool to detect CVE-2026-9082,… Read more: Drupal CVE-2026-9082 Checker
- We’re Hiring — Node.js Cybersecurity ExpertHiring Status: Closed Applications for this position are no longer… Read more: We’re Hiring — Node.js Cybersecurity Expert
- Exposed Production Database Found on Sitemile.comWhile browsing for WordPress themes, I came across sitemile.com. After… Read more: Exposed Production Database Found on Sitemile.com
- YesWeHack Dojo – RubitMQInitial Ruby Application Code: The application processes user-supplied data by… Read more: YesWeHack Dojo – RubitMQ
Social Media
Advertisement
Tags
API Bug Bounty Capture The Flag Command Injection Cross-site Scripting CTF CVE-2026-9082 Drupal ExifTool HTML Information Disclosure JavaScript Markdown Open Redirection PHP SQL Injection VDP WAF Web Application Firewall XSS XSSR XSSRush




