Muhammad Sarim Raza
@hackipy
Breaking Security Legally
#bugTricks Password Reset Functionality Testing
Target: [email protected]
1. Try [email protected]
2. Try [email protected],[email protected]
3. Try [email protected]&[email protected]
4. Try [email protected],cc: [email protected]
5. Try…
If you ever see a language parameter, then never forget to test an Expression-Language Injection style payload.
✅ POC Payload:
1. Change the method GET to POST
2. Language={${system("cat+/etc/passwd")}}
For more, join my BugBounty Telegram channel: t.me/ShellSec
I completed the Web Security Academy lab: Exploiting server-side parameter pollution in a REST URL @WebSecAcademy portswigger.net/web-security/a…
Interesting technique by @j_zere: When a cache deception requires a specific header/token that you can't directly provide, try chaining it with CSPT to make it exploitable.
A Novel Technique for SQL Injection in PDO’s Prepared Statements - @assetnote slcyber.io/assetnote-secu…
I completed the Web Security Academy lab: Exploiting a mass assignment vulnerability @WebSecAcademy portswigger.net/web-security/a…
I completed the Web Security Academy lab: Finding and exploiting an unused API endpoint @WebSecAcademy portswigger.net/web-security/a…
I completed the Web Security Academy lab: Exploiting an API endpoint using documentation @WebSecAcademy portswigger.net/web-security/a…
I completed the Web Security Academy lab: Exploiting server-side parameter pollution in a query string @WebSecAcademy portswigger.net/web-security/a…
I researched Ruby class pollutions and discovered a new exploitation method, Rotate Chains, achieving a 100% exploit success rate; I also created a bi0s CTF 2025 challenge based on the technique, which had 0 solves. Read the research/writeup: winters0x64.xyz/posts/post-2
I don’t get why bug hunters tweet stuff like ‘Had a great month’ and post a screenshot with everything censored… and the reports aren’t even triaged yet. Thanks to HackerOne for that trailing dot showing the status of every report. What exactly are you trying to show?
If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: `Accept: ../../../../../../../../../../etc/passwd{{` #bugbountytips
I completed the Web Security Academy lab: JWT authentication bypass via algorithm confusion with no exposed key @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via algorithm confusion @WebSecAcademy portswigger.net/web-security/j…
Bug Hunters 🔥 Ever stumbled upon this weird message? "WebSockets request was expected" If you did, congrats! You just found a NodeJS server in debug mode, ready to quickly move on to RCE via simple DevTools 💥💥💥 Search for this message in Censys/FOFA and your automation 🤑
Just dropped a new video on Web Cache Deception to Account Takeover packed with powerful bypass techniques. Don’t miss it! youtu.be/Epzi1fWwdKk?si…
I completed the Web Security Academy lab: JWT authentication bypass via kid header path traversal @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via jku header injection @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via jwk header injection @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via weak signing key @WebSecAcademy portswigger.net/web-security/j…