MEGA Unlimited Cloud Storage Vulnerability
Nirmal Dahal - #Nittam, Nov 22, 2022
Back in June 2022, I found a flaw in the MEGA cloud storage system that let me store more data than they permit for free accounts. I was…

leveraging the SQL injection to execute the XSS by evading CSP.
Nirmal Dahal - #Nittam, Jul 11, 2022
Although it sounds silly, I am dumb enough to do this.

CVE-2021–3258 | XSS To Account Takeover [Q2A Themes]
Nirmal Dahal - #Nittam in PenTester Nepal, Mar 7, 2021
Today I am going to share a POC (Proof of Concept) on a vulnerability that I found on a popular Forum Management System by Q2A. Q2A is a…

Facebook [SVG Locky Ransomware ] Analysis
Nirmal Dahal - #Nittam in System Weakness, Mar 7, 2021
This Is What Actually Facebook’s SVG Malware Is Doing. We Had Used W3School’s IDE While Analyzing The Malicious SVG File. We Had Also…

ByPassing eBay XSS Protection
Nirmal Dahal - #Nittam in PenTester Nepal, Mar 7, 2021
Hi, there today I want to share small proof of concept regarding “Reflective Cross-Site Scripting [ R-XSS ]” which I had found on eBay…

XSS Is Love ❤ !
Nirmal Dahal - #Nittam in CryptoGen Nepal, Dec 26, 2019
Sometime back I was testing a private site where I was able to execute an XSS. By using the previous XSS I managed to steal CSRF token to…

R-XSS Leading CSRF Bypass To Account Takeover
Nirmal Dahal - #Nittam in CryptoGen Nepal, Nov 26, 2019
Aug 14, I was testing one web application and going through error parameters and then found a Reflected XSS.

LFI To 10 Servers Pwn
Nirmal Dahal - #Nittam in CryptoGen Nepal, Nov 26, 2019
While testing on a PRIVATE site back on Dec 19, 2017. I found a “commonfunctions.js” in the source code. That “commanfunctions.js”…

XSS on Samy.pl (Samy Kamkar)
Nirmal Dahal - #Nittam in CryptoGen Nepal, Nov 26, 2019
Hi guys, so today I am going to present a security issue that I found on a website that is famous within the information security…