rashahacks

Exposing Users Table From a Leaky GraphQL Query

Hello Hackers, I am Inderjeet Singh aka encodedguy on HackerOne. In this blog post, I will give a walkthrough of my recent finding in which I got the data from the users table. Background 0x01: Before starting the attack, let's first understand the background of the application. For testing, only

Can you spot the vulnerability? #16022023 - Intigriti

Given Code Snippet: Code review: easy-eval.js easy-xss.js index.html The Vulnerability User input is passed in ‘name’ parameter straight to the ‘innerHTML’ so it would be rendered by browser for example inserting ‘asdf’ makes ‘asdf’ bold in browser, so ‘HTML’ tag is parsed correctly. Exploitation Here, The application’

Leek NFT challenge#0223 - Intigriti

Challenge Link: https://challenge-0223.intigriti.io/ Challenge By: https://twitter.com/x64pr0fessor Goal: Now we understand that we need to find a method to display an alert box in order to confirm that this is indeed an instance of XSS. Reconnaissance We were given an application that allows us to

How I Earned $150 for Reporting a Security Flaw

Hey everyone! root@icyberjutsu:- # whoami My name is Aman Kumar (icyberjutsu), and I am a cybersecurity researcher based in India. Hope you all are doing great. This is the story of my first bounty; I was evaluating a program and discovered a vulnerability that could lead to a security

Hacking GraphQL API Using Suggestions

Hello Hackers! I am Inderjeet Singh aka encodedguy from India. In this blog, I will introduce a way to hack GraphQL API using suggestions. At the end, I will also review one of my own findings where I was able to make a custom GraphQL query using suggestions and dump
