All the information mentioned in this article are of my personal and aren’t the opinions of my past or present employer.

TL;DR : A page on domain manager.paypal.com was vulnerable to “Expression Language Injection” (JSTL) and I was able to extract some…

Hi Guys,

Andromeda - Interactive Reverse Engineering Tool for Android Applications - secrary/Andromeda

Yesterday, a new version of DOMPurify (very popular XSS sanitization library) was released, that fixed a bypass reported by us. In this post I’ll show how exactly the bypass looked like preceded by general information about DOMPurify and how it works. If…

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack - incredibleindishell/SSRF_Vulnerable_Lab

We demonstrate client side attacks and trojans are not exclusive to Windows with a Metasploit payload for an Ubuntu deb package that gives us a shell on Linux.

Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

In this section, we'll explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with ...

Hi guys whatsup! This is Udhay an security researcher . Here im presenting my research on unrestricted file upload vulnerablities.

Bash aliases are essentially shortcuts that can save you from having to remember long commands and eliminate a great deal of typing when you are working on the command line.

Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing…