WinRAR 5.80 (x64) - Denial of Service.. dos exploit for Windows_x86-64 platform

Getting from a self-XSS vulnerability to a valid DOM XSS with the help of clickjacking on Google.org's Crisis Map.

Have you ever found an XSS only to find out there’s an active CSP that blocks execution of any scripts?If you want it to work on all browsers, not just IE (which doesn’t support CSP), there’s still a chance to bypass it! Use Google’s CSP Evaluator to find…

Contribute to google/csp-evaluator development by creating an account on GitHub.

Contribute to google/csp-evaluator development by creating an account on GitHub.

A write-up about how it was possible to execute a blind XSS on behalf of a Google Employee and get access to Google's invoices.

From CSRF to user information leak, XSS and full account takeover.

  By @jstnkndy   While looking for bugs in a target recently I came across a host that was running Expression Engine, a content management platform. This specific application caught my ey…

So you guys must be aware of CSRF attack, if not then here is a short intro:

How to leverage unprotected Redis instances for stealthy payload transfers and lateral movement

Protection exists != not exploitable.

Remote code execution via PHP,PHP Exploitation Code,PHP Object Injection,Command Execution,Information Disclosure,php code audit

An iFrame injection is a very common cross site scripting (or XSS) attack. It consists of one or more iFrame tags that have been inserted…

Hello Hacker

بسم الله الرحمن الرحيم

This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function. - dustyfresh/P...