This blog is about how I got my first HOF after chaining multiple bugs. Let’s get started. In simple words, BAC means you are able to perform certain actions or fetch certain files which you are not authorized to. Let’s
There’s always a way to exploit xss in different contexts I got an invite from a private program on hackerone and started searching for some vulnerabilites. After a while of searching, i found an url that had some interesting parameters.
Hey guys, in this tutorial, I will be sharing my learning about account takeover which I have learned after reading some blogs only on account takeover. What is Account Takeover vulnerability? Account takeover is a type of attack that allows
Hello Hackers, I Hope you guys are doing well and hunting lots of bugs and Dollars ! Our today’s agenda is very concerning and trending topics that are related to attack vectors on JSON Web Token ( JWT ). let’s
Recently XSSHunter.com decided to stop signups and soon stopping it’s services. You’ll need to host your own version of XSSHunter. I wrote an article about my fork of XSSHunter Express. Since making that article I wanted to make the process
This will be a setup guide for XSSHunter and integrating it with Discord Alerts. This will be very similar to my other article but with more details XSSHunter Discord Alert The first step is to download the Github script. curl
Portswigger — Basic server-side template injection Solution | Karthikeyan Nagaraj What is SSTI? Server-side template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server-side This vulnerability occurs when invalid user
Hello everyone, my name is Hac and in this post, I will be sharing my experience with the HTB CBBH exam, which is a practical web application pentesting exam. I will be discussing my preparation, the exam format, and my
Portswigger HTTP Request Smuggling Solution | Karthikeyan Nagaraj What is HTTP Smuggling? HTTP request smuggling is a technique for interfering with the way a website processes sequences of HTTP requests that are received from one or more users. Request smuggling
