Nov 27, 2025 · 2 min read · By Cybernerddd - Web App Pentester in Training Today’s payload is straight from a real PortSwigger lab where the SQL injection happens inside an XML POST request, protected by a WAF that blocks the usual keywords like UNION, SELECT, and comments. Sce...
Nov 26, 2025 · 2 min read · By Cybernerddd Blind SQL Injection is one of the most fascinating parts of web exploitation because the application gives no visible output, yet you can still extract data silently using logic, timing, and creativity. Today’s payload focuses on time-...
Oct 17, 2025 · 8 min read · DorkScan is an interactive web app that generates curated Google Dork queries for bug bounty hunters and students. Choose a role (Bug Bounty or Student), pick a dork category, add your target or search terms, and watch generated queries appear in a c...
Sep 17, 2025 · 2 min read · Reference: PortSwigger file upload via extension blacklist bypass The Situation You're facing a file upload filter that: blocks .php, .phtml, .php5, etc.; serves uploaded files as plain text; uses IIS (Internet Information Services) under the hood (...
Jul 25, 2025 · 1 min read · Tags: [XSS, DOM XSS, Web Security, jQuery, JavaScript] Series: Payload of the Day --- Context: This payload targets a DOM-based XSS vulnerability in a site that uses jQuery’s $() selector and pulls user input directly from location.hash. The vulnerab...
Jul 10, 2025 · 2 min read · Scenario You are given access to a web application with basic protection mechanisms. Use the skills learned in this module to find the SQLi vulnerability with SQLMap and exploit it accordingly. To complete this module, find the flag and submit it her...
Jul 9, 2025 · 4 min read · Scenario The company Inlanefreight has contracted you to perform a web application assessment against one of their public-facing websites. In light of a recent breach of one of their main competitors, they are particularly concerned with SQL injectio...
Jul 5, 2025 · 3 min read · Scenario You are currently participating in a bug bounty program. The only URL in scope is http://minilab.htb.net Attacking end-users through client-side attacks is in scope for this particular bug bounty program. Test account credentials: Email:...
Jul 4, 2025 · 2 min read · Scenario We are performing a Web Application Penetration Testing task for a company that hired you, which just released their new Security Blog. In our Web Application Penetration Testing plan, we reached the part where you must test the web applicat...