Research
April 15, 2024
XSS Stored= Unicode Normalization + User-Agent
Cross-Site Scripting (XSS) stands as one of the most well-known and widely exploited vulnerabilities in the history of bug bounty programs. For this reason, I believe it’s an opportune moment to refresh our approach when dealing with a field that is reflected...
March 14, 2024
Admin TakeOver=Fuzzing + IDOR
This time, I will be revisiting and rewriting an article I initially composed in 2021. I plan to incorporate several insights and methods I’ve employed since then. Let’s dive in.
We will call the victim website “example.com”. This objective has 6 well-defined...