Tag feed

#webappsecurity

16 posts1 followers

Explore Hashnode

Alternatives

Trending tags this week

CCyberFreak999cyberfreak.hashnode.devMar 4 · 3 min read

The Fundamentals of API Security: Part 2

If Part 1 focused on prevention through governance and design, this part focuses on detection and defence. Even secure APIs degrade over time: Code changes Infrastructure updates Configuration drif

0

EAEmmanuel Agyarko Ampahfrom-zero-to-cyber.hashnode.devNov 27, 2025 · 2 min read

Payload of The Day #5 - SQL Injection via XML + WAF Bypass (PostgreSQL Edition)

By Cybernerddd - Web App Pentester in Training Today’s payload is straight from a real PortSwigger lab where the SQL injection happens inside an XML POST request, protected by a WAF that blocks the usual keywords like UNION, SELECT, and comments. Sce...

0

EAEmmanuel Agyarko Ampahfrom-zero-to-cyber.hashnode.devNov 26, 2025 · 2 min read

Payload Of The Day #4 - Blind SQL Injection (Time-Based User Extraction)

By Cybernerddd Blind SQL Injection is one of the most fascinating parts of web exploitation because the application gives no visible output, yet you can still extract data silently using logic, timing, and creativity. Today’s payload focuses on time-...

0

BYBalwant Yadavbalwantinfosec.hashnode.devOct 17, 2025 · 8 min read

DorkScan: Fast Google Dork Generation for Enhanced Bug Bounty Research

DorkScan is an interactive web app that generates curated Google Dork queries for bug bounty hunters and students. Choose a role (Bug Bounty or Student), pick a dork category, add your target or search terms, and watch generated queries appear in a c...

0

EAEmmanuel Agyarko Ampahfrom-zero-to-cyber.hashnode.devSep 17, 2025 · 2 min read

Payload #3 - Bypassing File Upload Restrictions with web.config + Custom Extension.

Reference: portswigger file upload via extension blacklist bypass The Situation You're facing a file upload filter that: Blocks .php, .phtml, .php5, etc. Serves uploaded files as plain text. Uses IIS(Internet Information Services) under the hood (...

0

EAEmmanuel Agyarko Ampahfrom-zero-to-cyber.hashnode.devJul 25, 2025 · 1 min read

Payload of the Day #01-Dom XSS in jQuery Sink via location.hash

Tags: [XSS, DOM XSS, Web Security, jQuery, JavaScript] Series: Payload of the Day --- Context: This payload targets a DOM-based XSS vulnerability in a site that uses jQuery’s $() selector and pulls user input directly from location.hash. The vulnerab...

0

IAIdo Abramovid0xa.hashnode.devJul 10, 2025 · 2 min read

HackTheBox - SQLMap Essentials - Skills Assessment Walkthrough

Scenario You are given access to a web application with basic protection mechanisms. Use the skills learned in this module to find the SQLi vulnerability with SQLMap and exploit it accordingly. To complete this module, find the flag and submit it her...

0

IAIdo Abramovid0xa.hashnode.devJul 9, 2025 · 4 min read

HackTheBox - SQL Injection Fundamentals - Skills Assessment Walkthrough

Scenario The company Inlanefreight has contracted you to perform a web application assessment against one of their public-facing websites. In light of a recent breach of one of their main competitors, they are particularly concerned with SQL injectio...

0

IAIdo Abramovid0xa.hashnode.devJul 5, 2025 · 3 min read

HackTheBox - Session Security - Skills Assessment Walkthrough

Scenario You are currently participating in a bug bounty program. The only URL in scope is http://minilab.htb.net Attacking end-users through client-side attacks is in scope for this particular bug bounty program. Test account credentials: Email:...

0

IAIdo Abramovid0xa.hashnode.devJul 4, 2025 · 2 min read

HackTheBox - Cross-Site Scripting (XSS) - Skills Assessment Walkthrough

Scenario We are performing a Web Application Penetration Testing task for a company that hired you, which just released their new Security Blog. In our Web Application Penetration Testing plan, we reached the part where you must test the web applicat...

0

#webappsecurity

Search Hashnode

#webappsecurity

Explore Hashnode

Trending tags this week

The Fundamentals of API Security: Part 2

Payload of The Day #5 - SQL Injection via XML + WAF Bypass (PostgreSQL Edition)

Payload Of The Day #4 - Blind SQL Injection (Time-Based User Extraction)

DorkScan: Fast Google Dork Generation for Enhanced Bug Bounty Research

Payload #3 - Bypassing File Upload Restrictions with web.config + Custom Extension.

Payload of the Day #01-Dom XSS in jQuery Sink via location.hash

HackTheBox - SQLMap Essentials - Skills Assessment Walkthrough

HackTheBox - SQL Injection Fundamentals - Skills Assessment Walkthrough

HackTheBox - Session Security - Skills Assessment Walkthrough

HackTheBox - Cross-Site Scripting (XSS) - Skills Assessment Walkthrough