Cross-Site Scripting Analysis
From injection to real impact. Explored Reflected, Stored, and DOM vulnerabilities, session exposure, and mitigations like CSP and HttpOnly cookies.
Read Write-up ->A collection of my security research, lab exploitation, and vulnerability analysis.
From injection to real impact. Explored Reflected, Stored, and DOM vulnerabilities, session exposure, and mitigations like CSP and HttpOnly cookies.
Read Write-up ->From Error-Based to Blind Exploitation. Analyzed vulnerability root causes and bypassed logic using Boolean, UNION-based, and Time-Based payloads.
Read Write-up ->End-to-end compromise of a Linux machine. Exploited an authentication bypass via SQLi, performed lateral movement, and achieved root via Python library hijacking using sudo SETENV.
Read Write-up ->Exploited a Local File Inclusion (LFI) vulnerability discovered through exposed developer comments. Bypassed null-byte restrictions to extract the Flask source code, revealing a hardcoded Admin API key used to dump the SQLite database.
Read Write-up ->