Muhammad Sarim Raza (@hackipy) 's Twitter Profile
Muhammad Sarim Raza

@hackipy

Breaking Security Legally

ID: 1277493989864767488

29-06-2020 06:48:53

1.1K Tweets

97 Followers

679 Following

N$ (@nav1n0x) 's Twitter Profile Photo

If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: `Accept: ../../../../../../../../../../etc/passwd{{` #bugbountytips

Coffin (@coffinxp7) 's Twitter Profile Photo

Just dropped a new video on Web Cache Deception to Account Takeover packed with powerful bypass techniques. Don’t miss it! youtu.be/Epzi1fWwdKk?si…

chux (@chux13786509) 's Twitter Profile Photo

Bug Hunters 🔥 Ever stumbled upon this weird message? "WebSockets request was expected" If you did, congratz! You just found a NodeJS server in debug mode, ready to quickly move on to RCE via simple DevTools 💥💥💥 Search for this message in Censys/FOFA and your automation 🤑

Muhammad Sarim Raza (@hackipy) 's Twitter Profile Photo

I completed the Web Security Academy lab: JWT authentication bypass via algorithm confusion with no exposed key Web Security Academy portswigger.net/web-security/j…

Muhammad Sarim Raza (@hackipy) 's Twitter Profile Photo

I don’t get why bug hunters tweet stuff like ‘Had a great month’ and post a screenshot with everything censored… and the reports aren’t even triaged yet. Thanks to HackerOne for that trailing dot showing the status of every report. What exactly are you trying to show?

Winters (@arunkr1shnan) 's Twitter Profile Photo

I Researched Ruby class pollutions and discovered a new exploitation method, Rotate Chains, achieving 100% exploit success rate; also created a bi0s CTF 2025 challenge based on the technique which had 0 solves. Read the research/writeup: winters0x64.xyz/posts/post-2

Muhammad Sarim Raza (@hackipy) 's Twitter Profile Photo

I completed the Web Security Academy lab: Exploiting server-side parameter pollution in a query string Web Security Academy portswigger.net/web-security/a…

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast) 's Twitter Profile Photo

Interesting technique by zere: When a cache deception requires a specific header/token that you can't directly provide, try chaining it with CSPT to make it exploitable.
