It’s been months since I have released ppmap and it didn’t take much for the tool to be popular because of how crazy and trending Prototype Pollution vulnerability actually is. On this article I’m not going to introduce you what Prototype Pollution is, since there are a lot of articles/videos…

Even though HTTP Request Smuggling is documented back on 2005, it is still one of the least known Webapp vulnerabilities out there. After a little break I decided to hunt a private company (which is not eligible for Bug Bounty, but still accepting reports) and what I found might be…

Gaining a foothold in an internal network can be challenging, as AV and Defender make this a little tougher. Modern Windows versions have put in place some mitigation that prevents the shellcode to run properly. …

Summary Recently, I performed a Cross Site Scripting vulnerability, however a normal XSS payload wasn’t being triggered because CSP was blocking external Javascript code (XSS) being executed. …

During penetration testing, I faced with a website which on this article I will name it as http://domain.com While browsing the website, I didn’t see any single Parameter, even though the website was built with PHP. I quit browsing and started to Google Dorking. Google Dorking to look for endpoints Using a simple dork inurl:http://domain.com …

Hello researchers and bug hunters! Recently I found an interesting attack vector which I would like to share with you. Without losing time, let’s jump into it. Finding LFI vulnerability Let’s browse through the website to see if we can find any interesting endpoint. Clicking to Contact Us leads to an interesting endpoint: …

During Bug Hunting, everyone aims for triggering the “1” alert. However, if you want to escalate your impact of XSS, now you can do this easily by using XSScope. What is XSScope? What is XSScope? XSScope is an advanced XSS payload generator platform for Client-Side attacks and also with an aim of increaing…

This is an extremely helpful and practical Cheatsheet for Bug Hunters, which helps you find CORS missconfiguration in every possible method. Simply replace https://example.com with the URL you want to target. This will help you scan for CORS vulnerability without the need of an external tool. …

Recently I was hunting for some XSS and I come up to a website (lets call it website.com for privacy reason) where it had an admin login form on /admin directory. Instinctively I tried entering random credentials to see what kind of response I will get.