Nirmal Dahal - #Nittam

211 Followers


Nov 22, 2022

MEGA Unlimited Cloud Storage Vulnerability

Back in June 2022, I found a flaw in the MEGA cloud storage system that let me store more data than they permit for free accounts. I was able to store roughly 1300 GB of data in MEGA, despite the fact that the free account storage limit for MEGA is 20 GB. Continue Reading: https://nirmaldahal.com.np/posts/2022/11/megas-unlimited-cloud-storage-vulnerability/

Mega

1 min read

Jul 11, 2022

Leveraging the SQL injection to execute the XSS by evading CSP

Although it sounds silly, I am dumb enough to do this. Introduction to content security policy (CSP) If you are unfamiliar with CSP, you should know more about it before reading further. The security header known as CSP, or content security policy, is the rules that help enhance security of the web applications against well-known security…

Csp Bypass

3 min read

Published in PenTester Nepal · Mar 7, 2021

CVE-2021-3258 | XSS To Account Takeover [Q2A Themes]

Today I am going to share a POC (Proof of Concept) on a vulnerability that I found on a popular Forum Management System by Q2A. Q2A is a free and open-source content management system to create Question & Answer communities like StackOverflow or Yahoo Answers. These types of management systems…

Cve

4 min read

Published in System Weakness · Mar 7, 2021

Facebook [SVG Locky Ransomware] Analysis

This is what Facebook's SVG malware is actually doing. We had used W3Schools' IDE while analyzing the malicious SVG file. We had also changed some code of that malicious SVG file for decryption purposes; the values have been decrypted from the SVG file. After sending the SVG file could have…

Facebook

2 min read

Published in PenTester Nepal · Mar 7, 2021

ByPassing eBay XSS Protection

Hi there, today I want to share a small proof of concept regarding “Reflected Cross-Site Scripting [ R-XSS ]” which I had found on eBay back in 2016. I am not an active participant in bug bounty programs, but one day I had finished all my office work so I was…

Xss Filter Bypass

3 min read

Published in CryptoGen Nepal · Dec 26, 2019

XSS Is Love ❤ !

Some time back I was testing a private site where I was able to execute an XSS. By using the previous XSS I managed to steal the CSRF token to bypass CSRF and made an XHR request which led to another XSS in a different endpoint. After chaining both XSSes, it allowed…

Xss

1 min read

Published in CryptoGen Nepal · Nov 26, 2019

R-XSS Leading CSRF Bypass To Account Takeover

Aug 14, I was testing one web application and going through error parameters and then found a Reflected XSS. http://Redact/Redact.EXT?errorMsg=<Vulnerable End-point> I did not think finding an R-XSS was the kind of critical vulnerability I was looking for. Next, I was going to go for CSRF but the site…

Xss

2 min read

Published in CryptoGen Nepal · Nov 26, 2019

LFI To 10 Servers Pwn

While testing on a PRIVATE site back on Dec 19, 2017, I found a “commonfunctions.js” in the source code. That “commonfunctions.js” contained a path from where the PDFs were downloadable. That point was vulnerable to LFI (Local File Inclusion).

Lfi

3 min read

Published in CryptoGen Nepal · Nov 26, 2019

XSS on Samy.pl (Samy Kamkar)

Hi guys, so today I am going to present a security issue that I found on a website that is famous among the information security researchers. Samy Kamkar is an American privacy and security researcher, computer hacker, entrepreneur and for me a very big influencer. …

Security

4 min read


C|EH Master | CNSS | NSE | CCNA Cyber Ops | CPISI | CSFPC
