Web Hacking
Videos and writeups about web security and web challenges. I hope you will find them useful. If you have any advice, feel free to contact me.
Pentesting Salesforce Communities - A lightning-fast journey from Guest User to Account Takeover
2024, 2 December
WAF bypass and vulnerability chain exploiting parser differentials - WAFfle-y Order [HackTheBox]
2023, 12 April
Finding SSTI in an EJS app using existing exploits and undocumented features - valentine [hxp 2022]
2023, 28 March
Exploit Arbitrary Deserialization through Blind SQL Injection - Elf Resources [X-MAS CTF 2022]
2022, 21 December
Exploit Zip Slip vulnerability in python tarfile - slippy [HackTheBox]
2022, 25 April
Bypassing addslashes() using format string to get SQL Injection - baby sql [HackTheBox]
2021, 28 September
Pickle Insecure Deserialization - baby website rick [HackTheBox]
2021, 1 September