Assalam-O-Alaikum fellas hope you all are fine, it has been a while I've not contributed to the community so, today I will share chained…

Just learned today that you can actually end a SQL query with "\G" as in e.g. "SELECT * FROM yourAwesomeTable \G" 🤯 Try it out and don't be shocked by what you will find 🧐😅 #sql #magic

Intro to PHP object injection vulnerabilities

Vendor’s Vulnerability Announcement CVE-2019-13358 Internet Facing OpenCats: Google Dork OpenCats is an open-sourced applicant tracking system that is used to track job applicants. Versions before 0.9.4-3 suffer from a XML External Entity Injection vulnerability…

SANS Penetration Testing blog pertaining to Exploiting XXE Vulnerabilities in IIS/.NET

Name: PHP Login & User Management Vendor: Jigowatt via the Envato Market Place Vulnerability: Arbitrary File Upload Affected Versions: All versions before 4.1.1 CVE ID: CVE-2018-11392 It goes without saying, but all user-input should not be trusted. This…

Windbg Utility Tools based upon PyKD. Contribute to ohjeongwook/windbgtool development by creating an account on GitHub.

CloudFront bypass: Worked on a public program today ">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'> Would be interested to know if this is target specific or other CloudFront websites are vulnerable #bugbountytip…

HTML 5 does not do much to solve browser security issues. In fact it actually broadens the scope of what can be exploited, and forces developers to fix code ...

While checking Detectify Lab, I came across XSS Vulnerability on MEGA.CO.NZ which was found by  Frans Rosen  so I  though of doing some test on MEGA  but I  ended with none. I didn’t give up ! after a while I thought of scanning & looking into sub domain…

I’m going to share this concise writeup for a bug reported to one of bug bounty programs on hackerone

Have you ever found some risky behavior, but couldn't quite prove it was exploitable? Our XSS cheat sheet contains virtually every exploit technique we know of, but what should you do if you can't fin

GitHub Gist: instantly share code, notes, and snippets.