This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack - incredibleindishell/SSRF_Vulnerable_Lab

Yesterday, a new version of DOMPurify (very popular XSS sanitization library) was released, that fixed a bypass reported by us. In this post I’ll show how exactly the bypass looked like preceded by general information about DOMPurify and how it works. If…

We've added a brand new topic on testing for #WebSockets vulnerabilities, including three new labs. https://t.co/kZhy25Qho1

In this section, we'll explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with ...

In this methodology I've specified a way to exploit SSTI where traditional methods of exploitation failed.

At Casper, we revived a dead bug bounty program and made security part of the culture along the way.

Hi guys whatsup! This is Udhay an security researcher . Here im presenting my research on unrestricted file upload vulnerablities.

Download HackBar V2 for Firefox. [No License, FOREVER FREE] A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and alternatives to the XUL version of original Hackbar.

You can ask request here: https://github.com/Hack-Free/HackBar

In part two of G Suite vulnerability discussion, I am writing about a simple but quite serious vulnerability in yet another part of G Suite…

Achieving authentication bypass and SQL injection using PHP’s unserialize()

🚨NEW CHALLENGE: Can you find the XSS vulnerability? 🕵️
🎁 Win a Burp Pro license and private invites at
👉https://t.co/ujjUzeuRt2! 👈
#HackWithIntigriti

Broken Access Control is an OWASP‘s Top 10 vulnerability category that covers all access control issues that can make your website vulnerable. In this article, we explain the impact of Broken Access Control and how you can avoid making access control mistakes.

In this section we will explain what clickjacking is, describe common examples of clickjacking attacks and discuss how to protect against these attacks. ...

## Summary:
The `flip` contract allows for the MCD system to auction collateral in exchange for DAI.
A lack of validation in the method `flip.kick` allows an attacker to create an auction with a...

In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…

For open redirects, try using this character: 。The website thinks it's redirecting to a page on the site, but browsers convert it to a '.' thus completing the redirect. Usage: ?url=//google。com Goes to: https://t.co/NeH0AFZR2O URL encoded: %E3%80%82 #bugbounty…