eibx303.xyz
Building a custom JS monitoring tool with no coding knowledge using AI
Background: I had a very interesting JavaScript-heavy target I was working on, which was built using a microservice architecture. The main domain contains a lot of sub-apps, so doing subdomain enumeration did not result in any significant success othe...
5d ago · 7 min read

eibx303.xyz
Full Read SSRF in a PDF generation feature to read data from Internal domains
The Bug: The bug is a server-side request forgery vulnerability in a PDF generation feature that enabled me to read data from internal domains that are not publicly reachable. The Journey: I’ve been working on this application for three months now, and ...
Feb 7 · 6 min read

eibx303.xyz
SSRF to read data from internal domains
Starting with what I’m comfortable at: I have been testing this particular app for close to three months before I found a valid bug in it. The app was mainly used for creating notes and collaborating, so when I started testing, I mainly focused on brok...
Oct 28, 2025 · 7 min read

eibx303.xyz
Bypassing Cloudflare WAF with comma symbol to gain RCE using a file upload vulnerability (Ethiack CTF)
Recently, I was reading a blog titled “Don’t Fear The AI Reaper: Using LLMs to Hack Better and Faster” which was explaining how hackers can hack better with the help of AI. The blog talked about how AI can often generate vulnerable code, and it linke...
Sep 7, 2025 · 7 min read