Research – Page 2 – The N45HT Blog

Skip to content

The N45HT Blog

HOME
LEARNING
TOOLS
NEWS
RESEARCH

About The Author

Choirur Rizal

See author's posts

Exploiting %0A Injection for XSS on Samsung

Choirur Rizal

•

November 28, 2022

I began by searching for subdomains using Sublist3r and then checked the HTTP status codes for each subdomain…
POST-based XSS on DomaiNesia

Choirur Rizal

•

November 27, 2022

DomaiNesia is a company that offers domain registration, web hosting, VPS, and other related services. In this report,…
Reflected XSS Hidden Input in AT&T

XAdmin

•

January 26, 2022

During my testing of AT&T’s common login page, I discovered a reflected XSS vulnerability in the transactionID parameter.…
Stored DOM-based XSS on Xiaomi

Choirur Rizal

•

May 31, 2021

Yesterday, I discovered a Stored Cross-Site Scripting (XSS) vulnerability on the Xiaomi Forum via Markdown. Today, I’ve found…
WinRAR XSS

Choirur Rizal

•

May 3, 2021

A few days ago, I discovered a Cross-site Scripting (XSS) vulnerability in WinRAR. In this article, I’ll walk…
Reflected DOM-based XSS on DomaiNesia

Choirur Rizal

•

April 30, 2021

In this article, I’ll walk you through how I discovered a Reflected DOM-based Cross-site Scripting (XSS) vulnerability on…
Exploiting XSS via Markdown on Xiaomi

Choirur Rizal

•

April 27, 2021

Markdown is a popular text-to-HTML conversion tool, commonly used in forums and web platforms to create web content.…
Reflected XSS on Microsoft

Choirur Rizal

•

April 25, 2021

During my recent bug bounty hunting, I started by gathering information on the Microsoft domain using a simple…
$300 Bounty for Exploiting DOM-based XSS

XAdmin

•

January 29, 2021

While analyzing XING’s event management platform, I identified a reflected XSS vulnerability in the way event IDs are…
Reflected XSS on AT&T

Choirur Rizal

•

July 17, 2020

While performing a Google Dork search for potential vulnerabilities, I used the following query to target AT&T’s website:…

←Previous Next→

Search

Recent Posts

Drupal CVE-2026-9082 Checker
We recently created a small Python tool to detect CVE-2026-9082,… Read more: Drupal CVE-2026-9082 Checker
We’re Hiring — Node.js Cybersecurity Expert
N45HT is currently looking for a talented and experienced Node.js… Read more: We’re Hiring — Node.js Cybersecurity Expert
Exposed Production Database Found on Sitemile.com
While browsing for WordPress themes, I came across sitemile.com. After… Read more: Exposed Production Database Found on Sitemile.com
YesWeHack Dojo – RubitMQ
Initial Ruby Application Code: The application processes user-supplied data by… Read more: YesWeHack Dojo – RubitMQ
Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat
AI-generated chat messages are becoming a cornerstone of modern digital… Read more: Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat

Social Media

Twitter
Instagram
LinkedIn
Facebook

Advertisement

Tags

API Bug Bounty Capture The Flag Command Injection Cross-site Scripting CTF CVE-2026-9082 Drupal ExifTool HTML Information Disclosure JavaScript Markdown Open Redirection PHP SQL Injection VDP WAF Web Application Firewall XSS XSSR XSSRush

Connect With Us

Bali, Indonesia
[email protected]

Twitter
Instagram
Facebook

Categories

Learning
Tools
News
Research

N45HT

About
Contact
Products
Security

Search

Looking for something specific? Try a search below!

Search

Copyright © 2023 | Made with love by SuperbThemes