In November, I reported various persistent XSS vulnerabilities in AOL Mail to the AOL Security Team. They replied quickly and fixed the vulnerabilities in less than 90 days.
1.
Using an unclosed tag, it was possible to inject arbitrary javascript code. The…

Hi. I’m kedrisec and I want to describe 3 vulnerabilities that I found as part of the security research at Yahoo Bug Bounty program. So…

This write up is about part of my latest XSS report to Uber@hackerone. Sorry for my poor English first of all, I will try my best to explain this XSS problem throughly. JSONP RequestSeveral months ago

The JSON Web Token Toolkit - jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens).

XXE vulnerability demo. Contribute to rgerganov/xxe-example development by creating an account on GitHub.

I get a lot of DM’s in twitter asking questions about Blind XSS like which tool to use, how to register in XSShunter, where to spray the…

Author: @Ambulong phpMyAdmin is a well-known MySQL/MariaDB online management tool, phpMyAdmin team released the version 4.7.7 that addresses the CSRF vulnerability found by Barot. (PMASA-2017-9). The