Web Security > Tricks

CSRF
- Neat tricks to bypass CSRF-protection - Written by Twosecurity
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by @riyazwalikar
- Stealing CSRF tokens with CSS injection (without iFrames) - Written by @dxa4481
- Cracking Java's RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by @rramgattie
- If HttpOnly You Could Still CSRF... Of CORS you can! - Written by @GraphX

Clickjacking
- Clickjackings in Google worth 14981.7$ - Written by @raushanraj_65039

Remote Code Execution
- CVE-2019-1306: ARE YOU MY INDEX? - Written by @yu5k3
- WebLogic RCE (CVE-2019-2725) Debug Diary - Written by Badcode@Knownsec 404 Team
- Exploiting Node.js deserialization bug for Remote Code Execution - Written by OpSecX
- DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE - Written by Ambionics Security
- How we exploited a remote code execution vulnerability in math.js - Written by @capacitorset
- GitHub Enterprise Remote Code Execution - Written by @iblue
- Evil Teacher: Code Injection in Moodle - Written by RIPS Technologies
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! - Written by Orange
- $36k Google App Engine RCE - Written by Ezequiel Pereira
- Poor RichFaces - Written by CODE WHITE
- Remote Code Execution on a Facebook server - Written by @blaklis_

XSS
- Exploiting XSS with 20 characters limitation - Written by Jorge Lajara
- Upgrade self XSS to Exploitable XSS an 3 Ways Technic - Written by HAHWUL
- XSS without parentheses and semi-colons - Written by @garethheyes
- XSS-Auditor - the protector of unprotected and the deceiver of protected - Written by @terjanq
- Query parameter reordering causes redirect page to render unsafe URL - Written by kenziy
- ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else - Written by Mario Heiderich
- How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) - Written by @marin_m
- DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS - Written by Sebastian Lekies, Krzysztof Kotowicz, and Eduardo Vela
- Uber XSS via Cookie - Written by zhchbin
- DOM XSS auth.uber.com - Written by StamOne_
- Stored XSS on Facebook - Written by Enguerran Gillier
- XSS in Google Colaboratory + CSP bypass - Written by Michał Bentkowski
- Another XSS in Google Colaboratory - Written by Michał Bentkowski
- is filtered ? - Written by @strukt93
- $20000 Facebook DOM XSS - Written by @vinodsparrow

SQL Injection
- MySQL Error Based SQL Injection Using EXP - Written by @osandamalith
- SQL injection in an UPDATE query - a bug bounty story! - Written by Zombiehelp54
- GitHub Enterprise SQL Injection - Written by Orange
- Making a Blind SQL Injection a little less blind - Written by TomNomNom
- Red Team Tales 0x01: From MSSQL to RCE - Written by Tarlogic
- SQL INJECTION AND POSTGRES - AN ADVENTURE TO EVENTUAL RCE - Written by @denandz

NoSQL Injection
- GraphQL NoSQL Injection Through JSON Types - Written by Pete

FTP Injection
- XML Out-Of-Band Data Retrieval - Written by @a66at and Alexey Osipov
- XXE OOB exploitation at Java 1.7+ - Written by Ivan Novikov

XXE
- Evil XML with two encodings - Written by Arseniy Sharoglazov
- XXE in WeChat Pay SDK (WeChat leaves a backdoor on merchant websites) - Written by Rose Jackcode
- XXE OOB extracting via HTTP+FTP using single opened port - Written by skavans
- What You Didn't Know About XML External Entities Attacks - Written by Timothy D. Morgan
- Pre-authentication XXE vulnerability in the Services Drupal module - Written by Renaud Dubourguais
- Forcing XXE Reflection through Server Error Messages - Written by Antti Rantasaari
- Exploiting XXE with local DTD files - Written by Arseniy Sharoglazov
- Automating local DTD discovery for XXE exploitation - Written by Philippe Arteau

SSRF
- AWS takeover through SSRF in JavaScript - Written by Gwen
- SSRF to ROOT Access - A $25k bounty for SSRF leading to ROOT Access in all instances, by 0xacb
- PHP SSRF Techniques - Written by @themiddleblue
- SSRF in https://imgur.com/vidgif/url - Written by aesteral
- All you need to know about SSRF and how may we write tools to do auto-detect - Written by @Auxy233
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - Written by Orange
- SSRF Tips - Written by xl7dev
- Into the Borg - SSRF inside Google production network - Written by opnsec
- Piercing the Veil: Server Side Request Forgery to NIPRNet access - Written by Alyssa Herrera

Web Cache Poisoning
- Bypassing Web Cache Poisoning Countermeasures - Written by @albinowax
- Cache poisoning and other dirty tricks - Written by Wallarm

URL
- Some Problems Of URLs - Written by Chris Palmer
- Phishing with Unicode Domains - Written by Xudong Zheng
- Unicode Domains are bad and you should feel bad for supporting them - Written by VRGSEC
- [dev.twitter.com] XSS - Written by Sergey Bobrov

Deserialization
- ASP.NET resource files (.RESX) and deserialisation issues - Written by @irsdl

OAuth
- Facebook OAuth Framework Vulnerability - Written by @AmolBaikar

Others
- How I hacked Google's bug tracking system itself for $15,600 in bounties - Written by @alex.birsan
- Some Tricks From My Secret Group - Written by phithon
- Inducing DNS Leaks in Onion Web Services - Written by @epidemics-scepticism
- Stored XSS, and SSRF in Google using the Dataset Publishing Language - Written by @signalchaos