- Write-up for a Path Traversal on Gravitee.io
- Fastjson: exceptional deserialization vulnerabilities
- Room for Escape: Scribbling Outside the Lines of Template Security
- Web Cache Entanglement: Novel Pathways to Poisoning
- TLS-poison
- HTTP Request Smuggling in 2020
- h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
- Redefining Impossible: XSS without arbitrary JavaScript
- The Curious Case of Copy & Paste - on risks of pasting arbitrary content in browsers
- Mutation XSS via namespace confusion - DOMPurify < 2.0.17 bypass
- Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community
- Advanced MSSQL Injection Tricks
- SD-PWN Part 2 - Citrix SD-WAN Center
- Portable Data exFiltration: XSS for PDFs
- Blind SQL Injection without an "in"
- Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2
- Exploiting email address parsing with AWS SES
- Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques
- Attacking Secondary Contexts in Web Applications
- Exploiting POST-based XSSI
- Uninitialized Memory Disclosures in Web Applications
- Researching Polymorphic Images for XSS on Google Scholar
- Secret fragments: Remote code execution on Symfony based websites
- The unexpected Google wide domain check bypass
- Marginwidth/marginheight - the unexpected cross-origin communication channel
- CSS data exfiltration in Firefox via a single injection point
- ImageMagick - Shell injection via PDF password
- Forcing Firefox to Execute XSS Payloads during 302 Redirects
- TURN server allows TCP and UDP proxying to internal network
- AST Injection, Prototype Pollution to RCE
- Bypass SameSite Cookies Default to Lax and get CSRF
- Covert Web Shells in .NET with Read-Only Web Paths
- A Security Review of SharePoint Site Pages
- My hacking adventures with Safari reader mode
- Code injection in Workflows leading to SharePoint RCE
- The Powerful HTTP Request Smuggling
- NAT Slipstreaming
- Smuggling HTTP headers through reverse proxies
- XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
- Exploiting "Google BigQuery" SQL Injection Vulnerability
- WAF evasion techniques
- Exploiting dynamic rendering engines to take control of web apps
- Unauthenticated RCE on MobileIron MDM
- Blind SSRF exploitation
- Story of a weird vulnerability I found on Facebook
- Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
- Unauthorized Google Maps API Key Usage Cases
- XSS fun with animated SVG
- Exploiting HSQLDB
- Real-life OIDC Security (II): Login Confusion
- Security and Privacy of Social Logins
- Cache-Key Normalization | What could go wrong?
- Hacking AWS Cognito Misconfigurations
- Attacking MS Exchange Web Interfaces