About The Author
-
Critical SQL Injection in a Major Indonesian Web Hosting Platform
While exploring vulnerabilities in a major web hosting company in Indonesia, I discovered a critical SQL injection vulnerability…
-
Breaking Vercel’s Clone URL with a Simple XSS Exploit
During my exploration of Vercel’s platform, I discovered a reflected XSS vulnerability in the “clone project” functionality. This…
-
Bypassing Razer’s WAF for XSS
While testing Razer’s web application, I identified an XSS vulnerability in their /ajax endpoint. The issue arises due…
-
Finding WordPress Vulnerabilities on CarGurus with WPScan
While exploring CarGurus’ bug bounty program, I discovered a reflected XSS vulnerability on their subdomain dealercentre.cargurus.co.uk. This writeup…
-
Stored XSS on Chess24.com
I recently registered on Chess24.com and, after playing a few games, decided to conduct a quick security analysis…
-
POST-based XSS on DomaiNesia
DomaiNesia is a company that offers domain registration, web hosting, VPS, and other related services. In this report,…
-
Reflected XSS Hidden Input in AT&T
During my testing of AT&T’s common login page, I discovered a reflected XSS vulnerability in the transactionID parameter.…
-
Stored DOM-based XSS on Xiaomi
Yesterday, I discovered a Stored Cross-Site Scripting (XSS) vulnerability on the Xiaomi Forum via Markdown. Today, I’ve found…
-
WinRAR XSS
A few days ago, I discovered a Cross-site Scripting (XSS) vulnerability in WinRAR. In this article, I’ll walk…
-
Reflected DOM-based XSS on DomaiNesia
In this article, I’ll walk you through how I discovered a Reflected DOM-based Cross-site Scripting (XSS) vulnerability on…
Recent Posts
- Drupal CVE-2026-9082 Checker
We recently created a small Python tool to detect CVE-2026-9082,… Read more: Drupal CVE-2026-9082 Checker - We’re Hiring — Node.js Cybersecurity Expert
N45HT is currently looking for a talented and experienced Node.js… Read more: We’re Hiring — Node.js Cybersecurity Expert - Exposed Production Database Found on Sitemile.com
While browsing for WordPress themes, I came across sitemile.com. After… Read more: Exposed Production Database Found on Sitemile.com - YesWeHack Dojo – RubitMQ
Initial Ruby Application Code: The application processes user-supplied data by… Read more: YesWeHack Dojo – RubitMQ - Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat
AI-generated chat messages are becoming a cornerstone of modern digital… Read more: Hacking AI with Markdown: How We Triggered XSS in DeepSeek’s Chat
Social Media
Advertisement
Tags
API Bug Bounty Capture The Flag Command Injection Cross-site Scripting CTF CVE-2026-9082 Drupal ExifTool HTML Information Disclosure JavaScript Markdown Open Redirection PHP SQL Injection VDP WAF Web Application Firewall XSS XSSR XSSRush