In this blog, I will share how I found template injection affecting Zendesk customers with default configuration.

ooh, this works on Chrome Canary :D
<input type="hidden" oncontentvisibilityautostatechange="alert(/ChromeCanary/)" style="content-visibility:auto">

Payloads All The Things, a list of useful payloads and bypasses for Web Application Security

This article provides a detailed introduction to XSS（Cross Site Scripting） vulnerability attacks and defenses, including vulnerability basics, XSS fundamentals, encoding basics, XSS Payload, and XSS attack defense.

Hello, fellow security researchers and bug bounty hunters!

Learn about Dom-Explorer, a new open-source tool for understanding how popular browsers parse HTML and uncovering mutation XSS vulnerabilities.

Web Application Firewalls (WAFs) help to protect web applications by monitoring, filtering, and blocking HTTP traffic to and from a web service. However, WAFs are too often relied upon as...

TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass validation. We'll test various bypass techniques against…

This book will highlight the ins and outs of the HTML parser, and contains almost-impossible quizzes.

Full Disclosure of CVE-2024-8522 & CVE-2024-8529

Today, I’m excited to share all the resource I documented and personally used to master IDOR Vulnerability, soo lessssss gooo!!!!!