Methodology Walkthrough

Exploiting XSS To Steal Cookies

Cybersec Café #43 - 11/26/24

Nov 26, 2024 •

Blind OS Command Injection with Output Redirection

Cybersec Café #41 - 11/12/24

Nov 12, 2024 •

Exploiting SQLi to Query Database Version on MySQL and Microsoft

Cybersec Café #39 - 10/29/24

Oct 29, 2024 •

Blind XXE with OOB Interaction via XML Parameter Entities

Cybersec Café #37 - 10/15/24

Oct 15, 2024 •

OAuth Account Hijacking via redirect_uri

Cybersec Café #35 - 10/01/24

Oct 1, 2024 •

Web Shell Upload via Extension Blacklist Bypass

Cybersec Café #33 - 9/17/24

Sep 17, 2024 •

Server-Side Template Injection in an Unknown Language with a Documented Exploit

Cybersec Café #31 - 9/03/24

Sep 3, 2024 •

Multi-Step Process with No Access Control on One Step

Cybersec Café #29 - 8/20/24

Aug 20, 2024 •

Insufficient Workflow Validation

Cybersec Café #27 - 8/06/24

Aug 6, 2024 •

File Path Traversal Sequences Stripped Non-Recursively

Cybersec Café #25 - 7/23/24

Jul 23, 2024 •

SSRF via Flawed Request Parsing

Cybersec Café #23 - 7/09/24

Jul 9, 2024 •

CORS Vulnerability with Trusted Insecure Protocols

Cybersec Café #21 - 6/25/24

Jun 25, 2024 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts