Web Hacking 8
- Pentesting Salesforce Communities
- Defeating custom password reset tokens
- WAF bypass and vulnerability chain exploiting parser differentials
- Finding SSTI in an EJS app using existing exploits and undocumented features
- Exploit Arbitrary Deserialization through Blind SQL Injection
- Exploit Zip Slip vulnerability in Python tarfile
- Bypassing addslashes() using format string to get SQL Injection
- Pickle Insecure Deserialization