WindowsTechs.com

Author Archives: Emanuel Beni

Event Tracking integrity [migrated]

Posted on September 10, 2021 by Emanuel Beni

When we are trying to implement an ‘Event Tracking’ mechanism (recording/logging clicks, scrolls and other actions on the UI of the web application) on our web application.
Should ‘Event Tracking’ be tied to a session? I noticed that a lot… Continue reading Event Tracking integrity [migrated]→

Posted in logging, session management, tracking

Amazon AWS S3 Unrestricted File Upload

Posted on July 15, 2021 by Emanuel Beni

While I was pentesting a web application, I found out that files that are uploaded to the web application are stored in an AWS S3 instance. Based on my experience, when a web application needs to store all types of files, including files w… Continue reading Amazon AWS S3 Unrestricted File Upload→

Posted in Amazon, Amazon-S3, AWS, file-upload

HTTP Request Smuggling Checking for Desync Type

Posted on September 22, 2020 by Emanuel Beni

I am currently trying to learn HTTP Request Smuggling. In a presentation given by @defparam (https://www.youtube.com/watch?v=3tpnuzFLU8g), he mentioned that HTTP Request Smuggling/Desync can be classified into 3 categories: Open Desync,… Continue reading HTTP Request Smuggling Checking for Desync Type→

Posted in HTTP, request-smuggling

HTTP Request Smuggling Basics

Posted on September 16, 2020 by Emanuel Beni

I am currently trying to learn the HTTP Request Smuggling vulnerability to further enhance my pen testing skills. I have watched a couple of videos on YouTube and read articles online regarding it but still have a couple of questions in mind:
… Continue reading HTTP Request Smuggling Basics→

Posted in header, HTTP, request-smuggling

Self-XSS From File Upload Name

Posted on September 7, 2020 by Emanuel Beni

I encountered this type of vulnerability a couple of times but was not able to fully exploit it.
This vulnerability is a self-xss which is triggered from file names. E.g. If I were to upload a file named [xss-payload].png, it will be execu… Continue reading Self-XSS From File Upload Name→

Posted in self-xss, xss

SSRF Through Image Url

Posted on September 6, 2020 by Emanuel Beni

I am currently studying SSRF. I noticed that an injection vector where SSRF might be present is always parameters that are related to URL (importing image using URL, others). I have encountered a couple of endpoints where request … Continue reading SSRF Through Image Url→

Posted in SSRF | Tagged Image

SQL Injection Doesn’t Sanitize But Doesn’t Execute Commands

Posted on August 24, 2020 by Emanuel Beni

I am currently doing pentesting on a web application and focusing more on SQL Injection. This company I am pentesting has a functionality in which we are allowed to buy things from the vendors/suppliers registered there. When a product … Continue reading SQL Injection Doesn’t Sanitize But Doesn’t Execute Commands→

Posted in databases, SQL Injection

Unrestricted file upload in chat

Posted on August 11, 2020 by Emanuel Beni

I am currently doing a bug bounty program and found a possible file upload vulnerability, but I am not so sure about it.
The vulnerability is on the chat function. In the chat function, users are allowed to communicate with each other and … Continue reading Unrestricted file upload in chat→

Posted in file-upload, xss

Authorization Header (Bearer) Vulnerability

Posted on August 10, 2020 by Emanuel Beni

I’d like to brainstorm/ask regarding a possible vulnerability that I encountered recently.
So recently, I was able to find an endpoint where generating an Authorization Token is possible for a user and no security is being implemented. No C… Continue reading Authorization Header (Bearer) Vulnerability→

Posted in Authorization, CSRF
