Оригинал на английском тут. Обзор Во время оценки безопасности веб-приложения на основе блокчейна было замечено, что некоторые функции уязвимы к передаче ETH без проверки подлинности из кошелька администратора в кошелек злоумышленника. Веб-приложение представляло…

Java web applications are far from […]

To properly assess the security of a web application, it’s important to analyze it with regard to the server it will run on. Many things depend on the server, from processing user requests to the easiest way of achieving RCE. Armed with knowledge about the…

HTTP Request Smuggling in NodeJS

based on findings from a live hacking event

Multiple vulnerabilities in cPanel/WHM. RCE and Privilege Escalation via stored XSS. Cross-Site WebSocket Hijacking.CSRF bypass

With some luck and a couple of XSS bugs I was able to break the new Edge

Here's how I find critical user account takeover vulnerabilities on web apps.

We go through:
- Step-by-step strategy I use.
- Find a critical bug.

We decided to look at the most popular on-premise helpdesk solutions. In this article we explain how we managed to find and exploit multiple vulnerabilities that eventually lead to remote code execution (RCE) at DeskPro software utilized by thousands of organizations…

I found the bug on GitHub website where, I bypassed the login authentication. In this walk through I will show it was done. Let’s…

All my videos are for educational purposes with bug bounty hunters and penetration testers in mind YouTube don't take down my videos 😉

Ethical hacking web application hacking and bug bounty hunting

Follow me on Twitter = https://twitter.com/PhD_Security…

Notes I wrote while reading a blog post written about GCP penetration testing techniques and methodologies by Chris Moberly.

Originally posted here [Old Blog]:  Hi, This is my second blog post. I recently started to script python, So I decided to write some recon script to filter out domains to attack first out of tens o…