This article provides a detailed introduction to XSS（Cross Site Scripting） vulnerability attacks and defenses, including vulnerability basics, XSS fundamentals, encoding basics, XSS Payload, and XSS attack defense.

Hello, fellow security researchers and bug bounty hunters!

Learn about Dom-Explorer, a new open-source tool for understanding how popular browsers parse HTML and uncovering mutation XSS vulnerabilities.

Web Application Firewalls (WAFs) help to protect web applications by monitoring, filtering, and blocking HTTP traffic to and from a web service. However, WAFs are too often relied upon as...

TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass validation. We'll test various bypass techniques against…

This book will highlight the ins and outs of the HTML parser, and contains almost-impossible quizzes.

Full Disclosure of CVE-2024-8522 & CVE-2024-8529

Today, I’m excited to share all the resource I documented and personally used to master IDOR Vulnerability, soo lessssss gooo!!!!!

Intro The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, an

Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them.

In this session, I'll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure…

Cloudflare:
https://t.co/KPMQl9QG0g

This blog post explores advanced techniques for bypassing WAFs by leveraging quirks in JavaScript event handling, alternative encodings, and character normalization. It demonstrates how discrepancies in how web application firewalls and browsers parse attributes…

Discover how reverse engineering led to a $5000 bounty by exploiting a critical vulnerability in a popular Android app