MEGA Unlimited Cloud Storage Vulnerability
Back in June 2022, I found a flaw in the MEGA cloud storage system that let me store more data than they permit for free accounts. I was…
Nov 22, 2022

leveraging the SQL injection to execute the XSS by evading CSP.
Although it sounds silly, I am dumb enough to do this.
Jul 11, 2022

CVE-2021-3258 | XSS To Account Takeover [Q2A Themes]
Published in PenTester Nepal
Today I am going to share a POC (Proof of Concept) on a vulnerability that I found on a popular Forum Management System by Q2A. Q2A is a…
Mar 7, 2021

Facebook [SVG Locky Ransomware] Analysis
Published in System Weakness
This Is What Actually Facebook’s SVG Malware Is Doing. We Had Used W3School’s IDE While Analyzing The Malicious SVG File. We Had Also…
Mar 7, 2021

ByPassing eBay XSS Protection
Published in PenTester Nepal
Hi there, today I want to share a small proof of concept regarding “Reflective Cross-Site Scripting [R-XSS]” which I had found on eBay…
Mar 7, 2021

XSS Is Love ❤ !
Published in CryptoGen Nepal
Some time back I was testing a private site where I was able to execute an XSS. By using the previous XSS I managed to steal the CSRF token to…
Dec 26, 2019

R-XSS Leading CSRF Bypass To Account Takeover
Published in CryptoGen Nepal
Aug 14, I was testing one web application and going through error parameters and then found a Reflected XSS.
Nov 26, 2019

LFI To 10 Servers Pwn
Published in CryptoGen Nepal
While testing on a PRIVATE site back on Dec 19, 2017, I found a “commonfunctions.js” in the source code. That “commanfunctions.js”…
Nov 26, 2019

XSS on Samy.pl (Samy Kamkar)
Published in CryptoGen Nepal
Hi guys, so today I am going to present a security issue that I found on a website that is famous within the information security…
Nov 26, 2019