Today I am going to share a POC (Proof of Concept) on a vulnerability that I found on a popular Forum Management System by Q2A. Q2A is a free and open-source content management system to create Question & Answer communities like StackOverflow or Yahoo Answers. These types of management systems…

This Is What Actually Facebook’s SVG Malware Is Doing. We Had Used W3School’s IDE While Analyzing The Malicious SVG File. We Had Also Changed Some Code Of That Malicious SVG’s File For Decryption Purpose, The Values Have Been Decrypted From The SVG File. After sending the SVG file could have…

Hi, there today I want to share small proof of concept regarding “Reflective Cross-Site Scripting [ R-XSS ]” which I had found on eBay back in 2016. I am not an active participant in bug bounty programs, but one day I had finished all my office works so I was…

Sometime back I was testing a private site where I was able to execute an XSS. By using the previous XSS I managed to steal CSRF token to bypass CSRF and made an XHR request which leads to another XSS in a different endpoint. After chaining both XSSes It allowed…

Aug 14, I was testing one web application and going through error parameters and then found a Reflected XSS. http://Redact/Redact.EXT?errorMsg=<Vulnerable End-point> I did not think to find an R-XSS was the kind of critical vulnerability I was looking for. Next, I was going to go for CSRF but the site…

While testing on a PRIVATE site back on Dec 19, 2017. I found a “commonfunctions.js” in the source code. That “commanfunctions.js” contained a path from where the pdf’s were downloadable. That point was vulnerable to LFI (Local File Inclusion).

Hi guys, so today I am going to present a security issue that I found on a website that is famous among the information security researchers. Samy Kamkar is an American privacy and security researcher, computer hacker, entrepreneur and for me a very big influencer. …