#websec search results
Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec
Uncle @theXSSrat on top. This will help many hackers to grow and learn about cybersecurity. #BugBounty #websec #Pentesting #xssrat #xss
Turn a file write vulnerability in a Node.js application into remote code execution sonarsource.com/blog/why-code-… Credits Stefan Schiller #infosec #websec
Hey, stop by #LABARRADELAEKO for an ice-cold beer before they run out! 🍻 #EKO2025 #Websec #HappyHacking
Logical Bugs are often invisible to scanners They live in the assumptions devs make Want to find them? Think like the app shouldn’t work Here are 6 strategies to uncover logic bugs (with examples): #bugbounty #websec #cybersecurity
Always fun to get a DDoS attack on a Friday afternoon. 😑 Kudos to @kinsta and their APM + IP tools. It was relatively easy to track down and mitigate the attack. #websec
Last night I had the pleasure of speaking at the first-ever #owasp Victoria meetup! This is me, with chapter leaders Christophe David and Roberto Salago!! @wehackpurple and #WebSec proudly sponsored. @OWASPVictoria @LightOS
We are thrilled to announce that @_websec is once again joining forces with BSides Vancouver Island as a Silver Tier Sponsor! 🎉 A huge thank you to Websec for their continued support and for fostering a space where professionals can connect, learn, and grow. #Websec #BSidesVI
Just weeks away from #BSidesVI2025! We’re hyped to welcome back WebSec as our Platinum Sponsor! Meet their team at the booth, learn about their cutting-edge security audits, and see why they’re a global leader in cybersecurity. Don’t miss out! #WebSec #BSidesVI #Cybersecurity
Good times and consecutive bounties achieved with @intigriti define professionalism #bugbountytip #CyberSec #websec
I got my first bug bounty as a beginner. No certs. No secret sauce. Just pure grind. Wrote a blog about the real journey—from clueless to payout. Not a PoC. Just truth.👉 Read it here: [shorturl.at/3o0bJ] #bugbounty #infosec #websec #HackerOne #bugcrowd #CTF #CyberSecurity
Catch our next session with @_smile_hacker_ on "Request Smuggling and Its Exploitation"! Dive into how this web vulnerability works and how to defend against it. RSVP: null.community/events/1025-ah… #CyberSecurity #WebSec @null0x00 #nullahm
Come and venture into another edition of the websecbrasil CTF!!! @YuriRDev Discord.gg/websec #CyberSecurity #cibersegurança #websec #dev #ctf #capturetheflag
#SSRF Payloads for LFR/LFD file:/etc/passwd%3F/ file:/etc%252Fpasswd/ file:/etc%252Fpasswd%3F/ file:///etc/%3F/../passwd file:${br}/et${u}c%252Fpas${te}swd%3F/ file:$(br)/et$(u)c%252Fpas$(te)swd%3F/ SSRF POLYGLOT file:///etc/passwd?/../passwd #WebSec rodoassis.medium.com/on-ssrf-server…
Wow, @Cloudflare blocked a record-breaking 71 million RPS DDoS attack over the weekend (largest to date and 35% higher than previous record). 🛡️ That's a lot of requests. 😮 bit.ly/3lClrKT #websec #Cloudflare
🎉 Explored URL Normalization! Great deep dive into how small differences in URLs (encoding, case, slashes) can change app logic or caching behavior. #WebSec #AppSec #InfoSec @CyberMindSpace @RohitVishw54326 @anand114bug
Wrapped up web cache poisoning (fat GET request) — used Burp Suite + curl to observe how large/complex GETs affected cached responses (high level). Reinforced CDN & backend cache hygiene. 🔍🛠️ #BurpSuite #WebSec @CyberMindSpace @RohitVishw54326 @anand114bug
🎉 Completed Web Parameter Cloaking lab! Eye-opening on how hidden/alternate params can change app behavior and bypass naive filters. #WebSec #AppSec @CyberMindSpace @anand114bug @RohitVishw54326
🎉 Completed Web cache poisoning (unkeyed query parameter)! Eye-opening lab on how query params excluded from cache keys can poison responses. #WebSec #CachePoisoningWeb @CyberMindSpace @anand114bug @RohitVishw54326
🎉 Completed Targeted web cache poisoning (unknown header)! Eye-opening lab on how unexpected headers can change cache behavior. #WebSec #CachePoisoning #CDN @CyberMindSpace @anand114 @RohitVishw54326
URL Normalization ✅ on PortSwigger. Learned how encoding, redirects & path tricks can bypass checks. Always canonicalize. #bugbounty #websec @anand114bug @rikki59845 @CyberMindSpace
Ep 1 of my PortSwigger sprint: Found a quick win with classic SQLi! Bypassed a product filter to retrieve hidden data. Lesson: Never concatenate user input directly into SQL queries! #WebSec #SQLinjection #AppSec
Outdated WordPress plugins = open house for hackers 🏚️🔓 Mass attacks auto-scan and exploit old plugins for site takeovers and malware. Patch, remove unused plugins, add WAF and backups. Read: bleepingcomputer.com/news/security/… Thoughts? #WordPress #WebSec #InfoSec
Finished File Inclusion on @tryhackme — LFI/RFI + path traversal = chaos. Hell of a room. tryhackme.com/room/fileinc?u… #WebSec #bugbounty #tryhackme
Learned IDORs on @TryHackMe — changing/guessing IDs can expose accounts, files & invoices. Check encoded, hashed & unpredictable IDs; always enforce server-side auth. 🔓🧠🔎 tryhackme.com/room/idor?utm_… #InfoSec #WebSec #CyberSecurity #tryhackme
Don't forget to stop by for a drink between talks 🍺🍸 #HappyHacking #EKO2025 #Websec #Pwnlab
Gobuster teaches you to read a site like a human: look for patterns, guess likely paths, then verify. The tool is just the hammer, your strategy is the difference between “found” and “noticed.” #TryHackMe #WebSec #RedTeam
Learning SQL changed how I read apps, not just what they show, but why they show it. If you want to hunt real bugs, start by asking: what SQL is this app running behind the scenes? 🚀 #TryHackMe #WebSec #RedTeam
If you want to level up for web pentesting: learn how JS moves data (events → DOM → network). That mental map turns ordinary pages into attack surfaces you can evaluate ethically, in labs, and with permission. #tryhackme #RedTeam #WebSec
Day 12 of 100 Diving into authentication bypass today. It’s a bit confusing right now, but I know I’ll figure it out. Just part of the journey! #CyberSecurity #websec @ireteeh @Acss_futa @thariskyjohn
🔍 Browser dev tools: Inspector tab exposes hidden HTML elements—find vuln inputs! #WebSec #Hacking101
Understanding JWT Authentication Bypass via Unverified Signature 🧵 1/ 🚨 Ever heard of JWTs? JSON Web Tokens are great for auth, but if servers don't verify signatures, attackers can tamper with them! Let's break down a vuln from @PortSwigger's lab. #WebSec #JWT
Payment iframes aren't foolproof. Stealth overlays can skim cards. Read More: thehackernews.com/2025/09/iframe… #iframe #websec #payments #infosec
#Day7 Web PenTest Learning: Going into the #Owasp10 (2021): What are the Owasp top 10 Web App Security Risks : 1. Broken Access Control 2. Cryptographic Failures 3. Injection @its_hakai_ #WebSec #Cybersecurity
#Day6 Web PenTest Learning (Out of usual scene): What am I tackling: EDR (Endpoint Detection and Response): What is EDR and what are its features Why an EDR is needed even if there is an Antivirus How does an EDR work--> Agents, Console, Detection #SOC #Cybersecurity @its_hakai_
I am excited to share that I got the Bug Killer Badge on @hackthebox_eu for finding a bug in production. This is amazing 😻. Some goals coming along fine this year. #hackthebox #bugbounty #websec #tech #infosec
Blind SQL Injection : A Practical Exploration CheatSheet #cybersec #infosec #websec #appsec #blindsql #cheatsheet #bugbounty
I nearly missed a reflected XSS in United Nations. Thanks for always posting tips and guiding newcomers. @ADITYASHENDE17 @theXSSrat @ofjaaah writeup here: cysek.org/post/___b6 Hope you'll find it informative #websec #bugbounty #Pentesting #bugbountytips #bugbountywriteup
#OSINT #infosec #websec #infosec whoxy.com domain search engine/ Whois research whoxy.com/whois-database/ database
I published an article on blind regular expression injection attack, which has not been considered well. Enjoy! #websec | "A Rough Idea of Blind Regular Expression Injection Attack" - diary.shift-js.info/blind-regular-…
Come on @espn do you really not see the problem here. You are likely using mixed http/https on your login dialog... #infosec #websec
Huriye Özdemir @ozdmrhh is in Issue 9 of Arka Kapı Dergi with the article "GraphQL and Security Vulnerabilities"! #ArkaKapı #GrapQL #websec
What if you could log in as anyone, make yourself an admin, and change grades? Login bypass, tweaking session, decrypting user IDs, and rewriting student grades in the DB. youtube.com/@ctf-sec Drops at 12 AM! Stay tuned. #ctfsec #websec #cybersecurity #session #sqli
Ziyahan Albeniz @ziyaxanalbeniz is in Issue 10 of Arka Kapı Dergi with the article "Taking the Web back from the giants!" #ArkaKapı #Websec #CyberSecurity