List: Reading list 2 | Curated by Burak Dirlik

Aug 11, 2023

144 stories

2 saves

Reading list 2
Sumeet Mahadik
I almost ordered a product for free. (Business Logic Vulnerability)How does it sound that you ordered something and almost got it for free? Wouldn't that make you happy? Well, that's exactly how I felt. But…
Jun 30, 2023
Jun 30, 2023
 This story is no longer available
Arumusutakimu
XSS with 403 WAF Bypass for “(” and (document.cookie)Hi!, in this article I want to share my finding about reflected XSS and some way for bypassing 403 Forbidden.
Jun 5, 2023
6
Jun 5, 2023
6
Mohamed Ibrahim
How I was Able To Bypass The Admin PanelHello Amazing Hackers… Mohamed Ibrahim is Here
Jul 20, 2023
19
Jul 20, 2023
19
In
Better Programming
by
Vickie Li
Thoughts on the Book, “Designing Secure Software: A Guide for DevelopersAppSec engineer’s book club #001 — discussing Loren Kohnfelder’s book
Jan 10, 2023
Jan 10, 2023
In
System Weakness
by
1337.Krip
MY Methodology for Cross Site Scripting (XSS)Hey folks,
Jul 3, 2023
Jul 3, 2023
Vishal Barot
The Ultimate Recon-bookHi Hackers!
Jul 16, 2023
3
Jul 16, 2023
3
In
InfoSec Write-ups
by
Abbas.heybati
New technique 403 bypass lyncdiscover.microsoft.comHi
Sep 8, 2022
27
Sep 8, 2022
27
Inon Shkedy
Export InjectionThis article will talk about a new server side vulnerability that I discovered in the PDF export process.
Many servers are still…
Jan 4, 2018
1
Jan 4, 2018
1
Cristi Vlad
Account Takeover via Email ConfirmationIt’s the second account takeover I’m finding on a client pentest in the span of a few days. I’m not sure wth is going on…
Jul 25, 2023
3
Jul 25, 2023
3
In
InfoSec Write-ups
by
Tommaso De Ponti
Bug Bounty: Let’s Bypass an entire Web App’s CSRF protectionCSRF token is not always enough
Jul 30, 2020
4
Jul 30, 2020
4
PJBorah
Automate your recon With Censys | HOW Pro hacker use CensysGreeting Everyone ! After Long break I decide to create a blog on recon using censys this blog is bit interesting we will explore…
Mar 9, 2022
4
Mar 9, 2022
4
Jerry Shah (Jerry)
CSRF with IDOR - A Deadly ComboSummary :
Jan 12, 2021
2
Jan 12, 2021
2
In
Cyber Security Resources
by
Irfan Shakeel
Hacking and Cracking NTLM Hash to Get Windows Admin PasswordOriginally published on ehacking blog:
May 9, 2021
May 9, 2021
Chenny Ren
Exploit Development : Kolibri v2.0 HTTP Server with EggHunterI decide to write and publish a series of exercises walkthrough while I’m preparing for the OSCE exam. These exercises will heavily focus…
Nov 5, 2020
1
Nov 5, 2020
1
In
InfoSec Write-ups
by
Sudhanshu Rajbhar
Story of a weird CSRF bugHeyyy Everyoneeee,
Dec 29, 2021
3
Dec 29, 2021
3
bombon
Cache Deception Allows Cache Poisoning@bxmbn
Dec 1, 2022
1
Dec 1, 2022
1
snoopy
Web Cache Deception Attack on a private bug bounty programHi incredible hackers!
Mar 1, 2023
8
Mar 1, 2023
8
ShuttlerTech
Bypassing Captcha with a simple bot earn ($$$ bounty)Hello, Hunters. You are here because you are struggling or want to advance in your career. Believe me, things take time. Be consistent…
Feb 17, 2023
11
Feb 17, 2023
11
In
System Weakness
by
snoopy
SQL Injection + RCE | How I got a shell on my university websiteHi wonderful hackers.
Feb 21, 2023
10
Feb 21, 2023
10

Reading list 2

I almost ordered a product for free. (Business Logic Vulnerability)

How does it sound that you ordered something and almost got it for free? Wouldn't that make you happy? Well, that's exactly how I felt. But…

XSS with 403 WAF Bypass for “(” and (document.cookie)

Hi!, in this article I want to share my finding about reflected XSS and some way for bypassing 403 Forbidden.

How I was Able To Bypass The Admin Panel

Hello Amazing Hackers… Mohamed Ibrahim is Here

Thoughts on the Book, “Designing Secure Software: A Guide for Developers

AppSec engineer’s book club #001 — discussing Loren Kohnfelder’s book

MY Methodology for Cross Site Scripting (XSS)

Hey folks,

The Ultimate Recon-book

Hi Hackers!

New technique 403 bypass lyncdiscover.microsoft.com

Hi

Export Injection

This article will talk about a new server side vulnerability that I discovered in the PDF export process. Many servers are still…

Account Takeover via Email Confirmation

It’s the second account takeover I’m finding on a client pentest in the span of a few days. I’m not sure wth is going on…

Bug Bounty: Let’s Bypass an entire Web App’s CSRF protection

CSRF token is not always enough

Automate your recon With Censys | HOW Pro hacker use Censys

Greeting Everyone ! After Long break I decide to create a blog on recon using censys this blog is bit interesting we will explore…

CSRF with IDOR - A Deadly Combo

Summary :

Hacking and Cracking NTLM Hash to Get Windows Admin Password

Originally published on ehacking blog:

Exploit Development : Kolibri v2.0 HTTP Server with EggHunter

I decide to write and publish a series of exercises walkthrough while I’m preparing for the OSCE exam. These exercises will heavily focus…

Story of a weird CSRF bug

Heyyy Everyoneeee,

Cache Deception Allows Cache Poisoning

@bxmbn

Web Cache Deception Attack on a private bug bounty program

Hi incredible hackers!

Bypassing Captcha with a simple bot earn ($$$ bounty)

Hello, Hunters. You are here because you are struggling or want to advance in your career. Believe me, things take time. Be consistent…

SQL Injection + RCE | How I got a shell on my university website

Hi wonderful hackers.

Burak Dirlik