Subdomain Takeover: My $450 Win & How You Can Do It Too
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/subdomain-takeover-my-450-win-how-you-can-do-it-too-3337ca0513b6?source=rss—-7b722 … ⌘ Read more
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
“Private programs are where the real gold lies… but no one tells you how to get there. Let me break it down for you — with secrets most…
[Continue reading on In … ⌘ Read more
Maeve is a little hellion. Just turned 1 years yesterday ⌘ Read more
** CSP? More Like Can’t Stop Payloads — Bypassing CSP to XSS Like a Pro**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/csp-more-like-cant-stop-payloads-bypassing-csp-to-xss-like-a-pro-9 … ⌘ Read more
↳
In-reply-to
»
My main domain name turned 24 years old today. That feels weird.
⤋ Read More
@bender@twtxt.net I’m not sure this is accurate, if you lookup mine:
$ whois shortcircuit.net.au 2>&1 | grep -i creat
created: 1986-03-05
I think this has to be the registrar’s creation date no? 🤔
Ján Bulík medzi ocenenými v Martine
V Martine sa 8. mája odohralo podujatie, ktoré spojilo historickú reflexiu s kultúrnou spomienkou – Matica slovenská si pripomenula 80. výročie oslobodenia Slovenska a ukončenia druhej svetovej vojny. V sídle tejto najstaršej slovenskej kultúrnej ustanovizne sa uskutočnila slávnosť venovaná osobnostiam, ktoré v čase vojny so cťou a odvahou vzdorovali fašizmu. Medzi ocenenými bol aj Ján Bulík (1. januára 1897 Kovačica – 30. januára 1942 Mauthause … ⌘ Read more
Design system annotations, part 1: How accessibility gets left out of components
The Accessibility Design team created a set of annotations to bridge the gaps that design systems alone can’t fix and proactively addresses accessibility issues within Primer components.
The post [Design system annotations, part 1: How accessibility gets left out of components](https://github.blog/engineering/user-experience/design-system-annotations-part-1-how … ⌘ Read more
UUIDs: A False Sense Of Security
Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rss—-7b7 … ⌘ Read more
$50,000 Bounty: GitHub Access Token
How a hidden token in a desktop app could have compromised one of the world’s biggest e-commerce platforms
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50-000-bounty-github-access-token-c29cb6f00182?source=rss—-7b722bf … ⌘ Read more
️Recon Automation Like a Pro: My 5-Stage System to Catch More Bugs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Frecon-automation-like-a-pro-my-5-sta … ⌘ Read more
Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers don’t wait for big websites. They look for easy mistakes. Let’s fix them before they find yours.
[Continue reading on InfoSec Write- … ⌘ Read more
HACK-ERA CTF — Phase 1 Walkthrough ⌘ Read more
$840 Bounty: How I Stole OAuth Tokens from Twitter
A critical OAuth misconfiguration allowed stealing tokens with just a click
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/840-bounty-how-i-stole-oauth-tokens-from-twitter-733f8 … ⌘ Read more
Vim9.1(macOS-arm/Sequaoia) && iTerm2(cask): CursorShape for Insert Mode - How? ⌘ Read more
Is there any way to retain vim 7.4 search setting while using vim 9.1? ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
🗝️Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rss—-7 … ⌘ Read more
A Guide to SQL Injection Attacks: Hackers Don’t Want You to Know This!
Imagine your website as a big toy box filled with treasures — like user info, passwords, or blog posts — and you’ve got a robot helper…
[Contin … ⌘ Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] … ⌘ Read more
️♂️ Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Mastering Linux Part 3: A Beginner’s Guide to APT and YUM Package Management
A Beginner’s Guide to APT and YUM Package Management
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com … ⌘ Read more
curl bans “AI” security reports as Zuckerberg claims we’ll all have more “AI” friends than real ones
Daniel Stenberg, creator and maintainer of curl, has had enough of the neverending torrent of “AI”-generated security reports the curl project has to deal with. That’s it. I’ve had it. I’m putting my foot down on this craziness. 1. Every reporter submitting security reports on Hackerone for curl now needs to answer this question: “Did you … ⌘ Read more
Step 1: Show belly. Step 2: Bite the fool. ⌘ Read more
How to setup a Monthly Free VPS for Bug Hunting
In this article, I explained how to setup and use (GitHub CodeSpaces) for bug hunting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-setup-a-monthly-free-vps-for-bug-hunting-d4 … ⌘ Read more
Revisiting the Past, Hacking the Future
From Invalid Reports to Real Vulnerabilities: The Path to Growth in Hacking
A Penetration Tester’s Journey
Part 4 of “Beginner to Master in Linux” — A Penetration Tester’s Journey
AI Agents Unleashed: The Rise of Autonomous Systems Transforming Industries
The emergence of AI agents signifies a transformative shift in generative AI, evolving from simple chatbots to sophisticated … ⌘ Read more
Is Your App Protected? The Branch API Vulnerability You Need to Know About
$fallback_url is a helpful feature in Branch’s deep linking system — until someone uses it to redirect your users to phishing … ⌘ Read more
A Must-Have Tool for Bug Hunters: Find Open Redirect Vulnerabilities on Linux
Automate open redirection detection, save hours of manual testing, and level up your bug bounty recon game.
[Continue … ⌘ Read more
**Query Confusion: How HTTP Parameter Pollution Made the App Spill Secrets **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/query-confusion-how-http-parameter-pollution-made … ⌘ Read more
Securing Apache2 + PHP: Practical guide for safer web hosting
A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.
[Continue reading on InfoSec Write-ups »](https:// … ⌘ Read more
$2,900 Bounty: Public S3 Bucket Exposure in Shopify
How a Simple S3 Misconfiguration Exposed Private Images Across Shopify Stores and Earned a $2,900 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-900-bounty-public-s … ⌘ Read more
↳
In-reply-to
»
https://alex.party/posts/2025-05-05-the-future-of-web-development-is-ai-get-on-or-get-left-behind/
⤋ Read More
And on a similar note, cross-post from Mastodon:
What I love about HTML and HTTP is that it can degrade rather gracefully on old browsers.
My website isn’t spectacular but I don’t think it looks horrible, either. And it’s still usable just fine all the way down to WfW 3.11:
It’s not perfect, but it’s usable. And that makes me happy. Almost 30 years of compatibilty.
The biggest sacrifice is probably that I don’t enforce TLS and that HTTP 1.0 has no Host: header, so no vhosts (or rather, everything must come from the default vhost). (Yes, some old browsers send Host:, even though they predate HTTP 1.1. Netscape does, but not IBM WebExplorer, for example.)
(On the other hand, it might completely suck on modern mobile devices. Dunno, I barely use those. 🤪)
Beyond Alert Boxes: Exploiting DOM XSS for Full Account Takeover
Hello Hunters, as you all know, XSS is one of the most common web vulnerabilities, often underestimated but capable of causing severe…
[Continue reading on … ⌘ Read more
Hack Any Mobile Phone Remotely
Ethically — but note — this used to work great with phone under android 10
Containers vs Virtual Machines: Key Differences, Benefits, and Use Cases Explained
Discover the difference between containers and virtual machines, their benefits, and use cases to make smarter inf … ⌘ Read more
Threat Profiling 101: How to Create a Threat Profile
Learn how to create effective threat profiles to identify and prioritize relevant cyber threats for your organization.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
The Ultimate Guide to Cyber Threat Actors: Exploring Hackers, Hacktivists, and Their Tactics
How can we understand the impact of hackers and hacktivists on global cyberse … ⌘ Read more