My First Bounty (IDOR)
First of all, this is my first article. I benefited a lot from this platform, and I want to thank everyone who contributed to publishing articles that benefited everyone. So I would love to also participate in informing others about what I teach him.
This is a…
FCKeditor is a lightweight text editor for use in web pages; it also supports file uploads.
1. Use this dork: inurl /editor/filemanager/connectors/test.html
2. You must know which programming language the site was written in,
then choose that language from Connector:
and the web server too.
for example website in poc that i…
What's SSRF?
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
1. You can use these dorks to find vulnerable sites.
Before I start explaining how I found this bug, I will talk about account takeover methodologies.
Now let’s tell you about the steps for finding…
Today we'll talk about how to bypass rate limiting
via a CAPTCHA bypass.
This article will be brief, meaning that we will explain rate limiting in detail and CAPTCHA bypass in a later lesson.
Rate limiting is a strategy for limiting network traffic. It puts a cap on…
Privilege escalation vulnerabilities are security issues that allow users to gain more permissions and a higher level
Hello guys who love to hack. Today I will talk about how I got this bug. It's easy. All you have to do is focus and take time to think.
While I was roaming…
Today we're going to talk about the host injection vulnerability. If you were invited to a private program, I advise you to start with this attack, as it is common and easy to discover. So let's start the fun, guys.
HTTP Host header attacks exploit vulnerable websites that handle the…
Today we'll talk about the subdomain takeover vulnerability.
We will talk about how to find the vulnerability in all its forms and the tools used, but in terms of exploitation, we will explain the exploitation of a Heroku subdomain takeover.