Double URL-encoded XSS

Right after the quarantine ended I had a mini burnout for more than a month, where I didn't even bother to try and hunt for bugs. After those one and a half months of trying to find my motivation again, I found an XSS that required a bit more thinking than the typical javascript:alert(1) cases.


Useful things I tend to forget to do when playing HTB

HTB is a great place for anyone to practice their hacking skills. It doesn't matter if you're a beginner or a seasoned security professional; it has all sorts of machines to challenge your skills. After spending many hours trying to root as many boxes as possible, I observed that I tend to forget certain techniques and commands that would make my life easier.


Unrestricted CV File Upload

While I'm stuck in quarantine like the rest of the world, I have more time to work on my web app hacking skills by doing some bug bounties. Among the bugs I found in this long BB session of mine, I got to report my first Unrestricted File Upload.


HTB Lightweight

I enjoyed Lightweight, as it was kind of a different box from what I’ve come across, especially in the user part.
