Some time ago, while reading up on new CSS features, I asked myself: Is it possible to leak the entire content of an HTML text node only using CSS?

Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL . This was fascinating to me especially because the payload is not actually visible in the URL in

Discover the $3.5k bounty story about how CSP bypass unlocked a XSS vulnerability leading to account takeover

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT). - doyensec/CSPTPlayground

Discover the hidden risks of using trivial packages in development. Learn how small, seemingly insignificant dependencies can lead to significant security vulnerabilities.

Hello everyone, it’s Osama (W4lT3R) again! I wanted to share a recent finding with you where I successfully bypassed the CSRF protection…

Few months ago I was assigned to do a pentest on a target running CyberPanel. It seemed to be installed by default by some VPS providers & it was also sponsored by Freshworks.

Hi `DOD` Team,

# Summary:

* When accessing the endpoint on https:// ██████████/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/ it is possible to path traversal on the...

In this blog, I will share how I found template injection affecting Zendesk customers with default configuration.

ooh, this works on Chrome Canary :D
<input type="hidden" oncontentvisibilityautostatechange="alert(/ChromeCanary/)" style="content-visibility:auto">

Payloads All The Things, a list of useful payloads and bypasses for Web Application Security

This article provides a detailed introduction to XSS（Cross Site Scripting） vulnerability attacks and defenses, including vulnerability basics, XSS fundamentals, encoding basics, XSS Payload, and XSS attack defense.

Hello, fellow security researchers and bug bounty hunters!