| Disabling js for the win |
|
|
|
| Salesforce bug hunting to Critical bug |
|
|
|
| FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon |
|
|
|
| A story of another awesome old school hacking that lead to a cool P1 bug |
|
|
|
| Importance of burp history analysis to bypass 403 |
|
|
|
| Business Logic Error Methodology (easy way) + PoC-s |
|
|
|
| Fun with Header and Forget Password |
|
|
|
| The Importance of keeping up to date, or how I found an interesting bug thanks to a tweet |
|
|
|
| Accessing the website directly through its IP address, a case of a poorly hidden sql injection |
|
|
|
| Upload to the future |
|
|
|
| Fun with header and forget password, with a twist: |
|
|
|
| False2True, Match and Replace bug hunting — A cautionary tale |
|
|
|
| Cache poisoning of wget |
|
|
|
| Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case |
|
|
|
| CSRF PoC mistake that broke crucial functions for the end user/victim |
|
|
|
| Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass |
|
|
|
| DNS Rebinding, The treacherous attack it can be |
|
|
|
writeups.xyz
/
Vuk Ivanovic