Tag: Write-ups

Dec 10, 2025

DOM XSS in jQuery selector sink using a hashchange event

Nov 18, 2025

Cypher

Nov 18, 2025

GetSimple

Nov 18, 2025

Nibbles

Nov 18, 2025

CSRF vulnerability with no defenses

Nov 18, 2025

CSRF where Referer validation depends on header being present

Nov 18, 2025

CSRF where token is duplicated in cookie

Nov 18, 2025

CSRF where token is not tied to non-session cookie

Nov 18, 2025

CSRF where token is not tied to user session

Nov 18, 2025

CSRF where token validation depends on request method

Nov 18, 2025

CSRF where token validation depends on token being present

Nov 18, 2025

CSRF with broken Referer validation

Nov 18, 2025

SameSite Lax bypass via cookie refresh

Nov 18, 2025

SameSite Lax bypass via method override

Nov 18, 2025

SameSite Strict bypass via client-side redirect

Nov 18, 2025

SameSite Strict bypass via sibling domain

Nov 18, 2025

DOM based Open Redirection

Nov 18, 2025

Routing-based SSRF

Nov 18, 2025

SSRF via flawed request parsing

Nov 18, 2025

Authentication bypass via OAuth implicit flow

Nov 18, 2025

Basic SSRF against another back-end system

Nov 18, 2025

Basic SSRF against the local server

Nov 18, 2025

Blind SSRF with out-of-band detection

Nov 18, 2025

Blind SSRF with Shellshock exploitation

Nov 18, 2025

SSRF with blacklist-based input filter

Nov 18, 2025

SSRF with filter bypass via Open redirection vulnerability

Nov 18, 2025

SSRF with whitelist-based input filter

Nov 18, 2025

Cross-site WebSocket hijacking

Nov 18, 2025

Manipulating WebSocket messages to exploit vulnerabilities

Nov 18, 2025

DOM XSS in document.write sink using source location.search inside a select element

Nov 18, 2025

DOM XSS in document.write sink using source location.search

Nov 18, 2025

DOM XSS in inner.html sink using source location.search

Nov 18, 2025

DOM XSS in jQuery anchor href attribute sink using location.search source

Nov 18, 2025

Reflected XSS into HTML context with nothing encoded

Nov 18, 2025

Stored XSS into HTML context with nothing encoded

Nov 18, 2025

Exploiting XXE to perform SSRF attacks

Nov 14, 2025

Haft

Explorer

Tag: Write-ups

DOM XSS in jQuery selector sink using a hashchange event

Cypher

GetSimple

Nibbles

CSRF vulnerability with no defenses

CSRF where Referer validation depends on header being present

CSRF where token is duplicated in cookie

CSRF where token is not tied to non-session cookie

CSRF where token is not tied to user session

CSRF where token validation depends on request method

CSRF where token validation depends on token being present

CSRF with broken Referer validation

SameSite Lax bypass via cookie refresh

SameSite Lax bypass via method override

SameSite Strict bypass via client-side redirect

SameSite Strict bypass via sibling domain

DOM based Open Redirection

Routing-based SSRF

SSRF via flawed request parsing

Authentication bypass via OAuth implicit flow

Basic SSRF against another back-end system

Basic SSRF against the local server

Blind SSRF with out-of-band detection

Blind SSRF with Shellshock exploitation

SSRF with blacklist-based input filter

SSRF with filter bypass via Open redirection vulnerability

SSRF with whitelist-based input filter

Cross-site WebSocket hijacking

Manipulating WebSocket messages to exploit vulnerabilities

DOM XSS in document.write sink using source location.search inside a select element

DOM XSS in document.write sink using source location.search

DOM XSS in inner.html sink using source location.search

DOM XSS in jQuery anchor href attribute sink using location.search source

Reflected XSS into HTML context with nothing encoded

Stored XSS into HTML context with nothing encoded

Exploiting XXE to perform SSRF attacks

Understanding Block-level encryption on Linux