Mihnea Octavian Manolache · mihnea.hashnode.dev · Dec 2, 2024 · Keylogger.js - How to Exploit XSS Using Keylogging · LATER EDIT: I’ve added a working webhook on my personal website - https://www.mihnea.dev/keylogger-js In the ever-evolving landscape of cybersecurity, XSS still poses a significant threat to web applications. I myself have reported numerous XSS vulne... · keylogger
Repl for Nothing2Lose · n2l.hashnode.dev · Nov 30, 2024 · IDSECCONF 2024 CTF - All Web Writeup · Recently, I joined a CTF organized by IDSECCONF, playing as N2L with two of my friends—our team had three people in total. At the time, I was mostly focusing on web challenges (but also did some reverse stuff) because the reverse category in this eve... · 70 reads · xss bypass
meydi · meydi.hashnode.dev · Nov 12, 2024 · Master of XSS WAF Bypass - Part 1 · Hello, I'm Meydi. I have been working in bug bounty for a year and a half, and over the past year, my main focus has been on client-side bugs and I have earned more than $25k in bounties through XSS. In this part, my focus is on situations where you c... · 34 likes · 628 reads · wafbypass
Bhuwan Bhetwal · blog.bhuwanbhetwal.com.np · Nov 8, 2024 · CSRF + POST Body Param Reflection = POST-Based XSS (A BrainFuck) · Hello again, This blog explains how I chained a CSRF and XSS on a POST request. So, let's get straight into it. One day I was hunting on a private program and I could see most of the hackers were reporting CSRF. Almost 5 reports out of 10 were them. Lo... · 661 reads · XSS
Bhuwan Bhetwal · blog.bhuwanbhetwal.com.np · Nov 7, 2024 · Breaking In: How RXSS and SQLi Can Lead to Full Account Takeover and Database Access · These vulnerabilities were identified on one of YesWeHack’s Private Programs. I was hunting late at night when I received an invitation from one of the Private Programs. As they were interested in critical reports. I was looking for SQLi, Command Exec... · 2 likes · 924 reads · SQL
Bhuwan Bhetwal · blog.bhuwanbhetwal.com.np · Nov 7, 2024 · Adding Knoxnl (KNOXSS) to Burp · Open Burp > Extensions. Install Piper. Go to Piper > Context menu items. Click on Add Button and Enter Name as “knoxnl”. In the Add menu item dialog box, enter the Name as knoxnl and change the Can handle... drop down to HTTP requests only. Change b... · 66 reads · Knoxnl
Prashanth Bodepu · 0xpb.hashnode.dev · Nov 5, 2024 · Leek NFT challenge#0223 — Intigriti · Challenge Overview. Challenge Link: https://challenge-0223.intigriti.io/ Challenge By: @x64pr0fessor. This challenge demonstrates a potential Cross-Site Scripting (XSS) vulnerability by allowing image uploads with unvalidated metadata, which an att... · monthlychallenge
Kuldeep Yadav for BreachForce · breachforce.net · Oct 17, 2024 · Secure Your Node.js Applications: Top 10 Critical Vulnerabilities to Identify and Prevent Major Threats · Have you ever had one of those moments when you feel confident about the code you’ve written — until a VAPT (Vulnerability Assessment and Penetration Testing) team reviews it? Suddenly you’re faced with a sea of red flags and dire warnings. Words lik... · 143 reads · Node.js
Ashari Muhammad Hisbulloh · blog.iamashari.me · Oct 2, 2024 · Frontend Security 101: Saving You from XSS Attack (still) · After discussing XSS in the previous post, along with one way to counter XSS attacks, namely using Content Security Policy (CSP), this time I want to round out my discussion of XSS and maybe ... · Frontend Security 101 · Frontend Development
Adnan Hashmi for Middleware - Be Productive, Not Busy! · middlewarehq.com · Aug 27, 2024 · Exploits Ep-2: Exploiting XSS to Become Someone Else Online · Disclaimer: The techniques described in this blog are for educational purposes only. We're here to learn, not to cause chaos. Any resemblance to actual hacks, past or present, is purely coincidental. Please don't try this at home, or work, or anywher... · #cybersecurity