How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rss—-7b7 … ⌘ Read more
How I Deleted Any User’s Account— No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rss—-7b722bfd1 … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d … ⌘ Read more
SameSite? SameMess: How I Bypassed Cookie Protections to Hijack Sessions ️♂️
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/samesi … ⌘ Read more
↳
In-reply-to
»
⤋ Read More
tar and find were written by the devil to make sysadmins even more miserable
@kat@yarn.girlonthemoon.xyz @prologic@twtxt.net Given that all these programs are super old (tar is from the late 1970ies), while trying to retain backwards-compatibilty, I’m not surprised that the UI isn’t too great. 🤔
find has quite a few pitfalls, that is very true. At work, we don’t even use it anymore in more complex scenarios but write Python scripts instead. find can be fast and efficient, but fewer and fewer people lack the knowledge to use it … The same goes for Shell scripting in general, actually.
Compress-a-thon — CSP Bypass via Redirection — Pentathon 2025
Compress-a-thon is a “web exploitation” challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involved…
[Continue reading on InfoSec Write-ups »](https://inf … ⌘ Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
👨💻Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 … ⌘ Read more
**The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump **
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-language-exploiting-graphql-for-unauthorized-data-dump-8 … ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rss—-7 … ⌘ Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty **
Top 5 Easiest Bugs for Beginners in Bug Bounty 🐞
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rss—-7b722bfd1b8d- … ⌘ Read more
$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip”
How a new export feature unintentionally exposed private discussions in limited disclosure reports
[Continue reading on InfoSec Write-ups »](https://infose … ⌘ Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Subdomain Takeover: My $450 Win & How You Can Do It Too
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/subdomain-takeover-my-450-win-how-you-can-do-it-too-3337ca0513b6?source=rss—-7b722 … ⌘ Read more
** CSP? More Like Can’t Stop Payloads — Bypassing CSP to XSS Like a Pro**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/csp-more-like-cant-stop-payloads-bypassing-csp-to-xss-like-a-pro-9 … ⌘ Read more
UUIDs: A False Sense Of Security
Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rss—-7b7 … ⌘ Read more
$50,000 Bounty: GitHub Access Token
How a hidden token in a desktop app could have compromised one of the world’s biggest e-commerce platforms
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50-000-bounty-github-access-token-c29cb6f00182?source=rss—-7b722bf … ⌘ Read more
️Recon Automation Like a Pro: My 5-Stage System to Catch More Bugs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Frecon-automation-like-a-pro-my-5-sta … ⌘ Read more
Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers don’t wait for big websites. They look for easy mistakes. Let’s fix them before they find yours.
[Continue reading on InfoSec Write- … ⌘ Read more
$840 Bounty: How I Stole OAuth Tokens from Twitter
A critical OAuth misconfiguration allowed stealing tokens with just a click
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/840-bounty-how-i-stole-oauth-tokens-from-twitter-733f8 … ⌘ Read more
new blog post: how i organized my obsidian vault for writing and made it super cool and awesome! https://bubblegum.girlonthemoon.xyz/articles/13
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
🗝️Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rss—-7 … ⌘ Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] … ⌘ Read more
️♂️ Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Mastering Linux Part 3: A Beginner’s Guide to APT and YUM Package Management
A Beginner’s Guide to APT and YUM Package Management
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com … ⌘ Read more
How to setup a Monthly Free VPS for Bug Hunting
In this article, I explained how to setup and use (GitHub CodeSpaces) for bug hunting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-setup-a-monthly-free-vps-for-bug-hunting-d4 … ⌘ Read more
Revisiting the Past, Hacking the Future
From Invalid Reports to Real Vulnerabilities: The Path to Growth in Hacking
A Penetration Tester’s Journey
Part 4 of “Beginner to Master in Linux” — A Penetration Tester’s Journey
**Query Confusion: How HTTP Parameter Pollution Made the App Spill Secrets **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/query-confusion-how-http-parameter-pollution-made … ⌘ Read more
Securing Apache2 + PHP: Practical guide for safer web hosting
A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.
[Continue reading on InfoSec Write-ups »](https:// … ⌘ Read more
$2,900 Bounty: Public S3 Bucket Exposure in Shopify
How a Simple S3 Misconfiguration Exposed Private Images Across Shopify Stores and Earned a $2,900 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-900-bounty-public-s … ⌘ Read more
Hack Any Mobile Phone Remotely
Ethically — but note — this used to work great with phone under android 10
Threat Profiling 101: How to Create a Threat Profile
Learn how to create effective threat profiles to identify and prioritize relevant cyber threats for your organization.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
$1000 Bounty: Account Takeover via Host Header Injection in Password Reset Flow
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-boun … ⌘ Read more