Rakesh Mane (@rakeshmane10)'s Twitter Profile
Rakesh Mane

@rakeshmane10

Tech. Bug Hunting. CTFs. Security Engineering.

ID: 1521519164

Website: https://rakeshmane.com

Joined: 16-06-2013 07:33:37

1.1K Tweets

3.3K Followers

1.1K Following

Bhavuk Jain (@bhavukjain1)

Solved! Chrome debugger was enabled and allowed access via http://localhost:9222/json. This allowed exfiltrating data from other users whosoever was hitting this headless chrome browser - more info here - chromedevtools.github.io/devtools-proto… Thanks everyone for the tips :)

Jason Haddix (@jhaddix)

Are you a web tester who specializes in blind or out-of-band vulns? Check out CoWitness, a dope (stand alone) alternative to Collaborator by TrustedSec which adds URI and User-Agent. github.com/stolenusername… trustedsec.com/blog/introduci…

Justin Gardner (@rhynorater)

Understanding the basic functions of the browser and the key technologies we work with surrounding it (Cookies, SOP, CORS, JS Quirks) is so important and vastly underestimated in the eyes of most aspiring hackers. Read the specs, get curious about how it all works. In the long

s1r1us (@s1r1u5_)

Here is the blog post for CVE-2023-22515: Broken Access Control Vulnerability in Confluence Data Center and Server I've left two challenges in it, try to solve them. If you solve second one, that would be a 0-day 😅 blog.s1r1us.ninja/research/broke…

Ayoub FATHI 阿尤布 (@_ayoubfathi_)

I’ve published the slides for my Security BSides Ahmedabad closing keynote: bit.ly/pwning-cloud-c… In this talk, I shared: “Lateral movement brute forcing” — a new technique that I covered and used against different targets to go, eg. From a limited GitHub token to achieve multi-lateral

Gareth Heyes (@garethheyes)

Wait. What. Hehe. https://alert(1)@ example. com <a href=/ id=x>test</a> <script> eval(x.username) </script> Inspired by: x.com/joaxcar/status…

Renwa (@renwax23)

New writing: You Are Not Where You Think You Are, Browser Address Bar Spoofing For the past year I focused on browser URL bar spoofing vulnerabilities and I found multiple bugs inside Opera Browsers both Mobile and Desktop using various techniques medium.com/@renwa/aa36ad8…

payloadartist (@payloadartist)

🔥 OAuth "token reuse" vulnerability An interesting OAuth attack technique by Aviad Carmel that reused OAuth tokens from a different app to fully takeover victim's account in many popular apps like Grammarly salt.security/blog/oh-auth-a… #bugbountytips #bugbounty #cybersecurity

HTTPVoid (@httpvoid0x2f)

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…

PT SWARM (@ptswarm)

🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT! Bounty: $28,000 💸 Here is the write-up 👉 swarm.ptsecurity.com/xxe-chrome-saf…

Sonar Research (@sonar_research)

🔥 XSS on any website with missing charset information? 😳 Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: sonarsource.com/blog/encoding-… #appsec #security #vulnerability

Gareth Heyes (@garethheyes)

Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC. portswigger.net/research/split…

Rafay Baloch (@rafaybaloch)

.Rakesh Mane solved #XSS Challenge with identical solution as "Abdul Aziz Khan", making it the shortest. For the record, the number of characters are "55". Link: xss.redseclabs.com #xss #challenge #BugBounty

zhero; (@zhero___)

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!
