Hacking Techniques

npm search RCE – Escape Sequence Injection

The bugs in this blogpost are very interesting. In short, the author uses escape sequences to execute a terminal command while only controlling the command's output. I've read it a few times and I still don't understand 100% how it works. I think it might also...
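The defensive side of this bug class, as an added example that is not code from the writeup or from npm: a CLI that prints attacker-influenced text (package names, descriptions) to a terminal has to strip terminal escape sequences first, because the terminal acts on whatever bytes reach it, regardless of who produced them. The package metadata below is constructed for this example.

```javascript
// Added example; the package metadata below is constructed, not real npm data.

// One regex covering: ESC-introduced sequences (CSI "ESC [", OSC "ESC ]",
// DCS/SOS/PM/APC strings "ESC P/X/^/_" up to the string terminator "ESC \",
// and two-byte/nF escapes), their 8-bit C1 forms (0x9B CSI, 0x9D OSC), and
// finally any leftover C0/C1 control character other than TAB, LF and CR.
// An unterminated OSC or DCS string is consumed up to the next ESC or the end
// of the text on purpose: what follows it is ambiguous to the terminal anyway.
const TERMINAL_ESCAPE_RE =
  /\x1b(?:\[[0-?]*[ -\/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\)?|[PX^_][^\x1b]*(?:\x1b\\)?|[ -\/]*[0-~])|\x9b[0-?]*[ -\/]*[@-~]|\x9d[^\x07\x9c]*(?:\x07|\x9c)?|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\x80-\x9f]/g;

function stripTerminalEscapes(text) {
  return text.replace(TERMINAL_ESCAPE_RE, "");
}

// Cheap detector: anything the stripper removed was a control sequence.
function containsTerminalEscapes(text) {
  return stripTerminalEscapes(text) !== text;
}

// Render one search-result row the way a CLI might, but from sanitised fields,
// so a hostile description cannot repaint the line or retitle the window.
function renderSearchRow(pkg, width = 40) {
  const name = stripTerminalEscapes(pkg.name);
  const description = stripTerminalEscapes(pkg.description);
  return `${name.padEnd(20)} ${description.slice(0, width)}`;
}

// Constructed sample: the second description carries an OSC (window-title)
// sequence and an SGR colour change, i.e. the author controls only the text.
const SAMPLE_PACKAGES = [
  { name: "left-pad-ish", description: "Pads strings on the left." },
  { name: "totally-fine", description: "\x1b]0;owned\x07\x1b[31mHelpful\x1b[0m utility" },
];

function renderAll(packages = SAMPLE_PACKAGES) {
  return packages.map((p) => renderSearchRow(p));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const pkg of SAMPLE_PACKAGES) {
    console.log(JSON.stringify(pkg.description), "->", JSON.stringify(renderSearchRow(pkg)));
  }
}
```

The important design choice is to parse the sequences rather than just delete the ESC byte: deleting ESC alone leaves `[31m` visible in the output, and does nothing about the 8-bit C1 introducers that some terminals also honour.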

Top 10 web hacking techniques of 2023

PortSwigger's yearly Top 10 web hacking techniques list is a collection of the best writeups of the year. I make sure to read all the articles from the top 10, but I also don't forget about the nominations list: I try to read the most interesting ones from there, too....

37C3 – Breaking “DRM” in Polish trains

This talk isn’t about bug bounty. It isn’t even about the web. But it’s such a cool hacking story. In short, suspiciously, some trains in Poland were not working properly and the company that was using them hired hackers from the Dragon Sector CTF team. They reversed...

Content-Type shenanigans

Parsing of the Content-Type header isn't straightforward at all, yet it can be crucial for some bug classes. Mathias Karlsson published a nice writeup describing techniques we can use when we control a suffix of this response header....

Even more ways to bypass URL validation

While I was reading this tweet from Justin Gardner about leaking OAuth codes, I found a cool research paper in a reply by SickSec. The paper was about URL validation and I didn't think I would find anything new. But I did. For example, these two bypasses I wasn't...
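The general shape of a URL validation bypass, as an added example that is not code from the post or from the paper it cites: a validator that reasons about the URL as a string (substring or prefix match) and the WHATWG parser that the browser and fetch() actually use disagree about which host the URL points at. The hostnames and inputs below are placeholders constructed for the example; they go beyond the two unnamed bypasses in the excerpt and show the common shapes.

```javascript
// Added example (not from the post or the cited paper). Hostnames are placeholders.
const ALLOWED_HOST = "expected.com";

// Naive check 1: substring match. Passes anything that merely mentions the host.
function naiveIncludes(url) {
  return url.includes(ALLOWED_HOST);
}

// Naive check 2: prefix match. Ignores userinfo ("user@host") and the fact
// that "expected.com.attacker.com" shares the prefix byte for byte.
function naiveStartsWith(url) {
  return url.startsWith("https://" + ALLOWED_HOST);
}

// Parser-based check: let the parser the browser uses decide what the host
// is, then compare the whole hostname and the scheme.
function parserBased(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparseable input is rejected, not patched up
  }
  return parsed.protocol === "https:" && parsed.hostname === ALLOWED_HOST;
}

// Constructed inputs, each with the host a WHATWG parser resolves it to.
const CASES = [
  { url: "https://expected.com/cb", host: "expected.com" },
  { url: "https://expected.com@attacker.com/cb", host: "attacker.com" },   // userinfo
  { url: "https://attacker.com\\@expected.com/cb", host: "attacker.com" }, // "\" ends the authority in special schemes
  { url: "https://expected.com.attacker.com/cb", host: "expected.com.attacker.com" },
  { url: "https://attacker.com/cb#expected.com", host: "attacker.com" },   // fragment
];

// Run every validator over every case and report what the parser says too.
function evaluate(cases = CASES) {
  return cases.map(({ url, host }) => ({
    url,
    parsedHost: new URL(url).hostname,
    expectedHost: host,
    includes: naiveIncludes(url),
    startsWith: naiveStartsWith(url),
    parser: parserBased(url),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(evaluate());
}
```

Only the first row should be accepted; the substring check accepts all five and the prefix check accepts three. Whatever the validator does, the fix is the same: parse first, then compare the parsed hostname exactly (or against an explicit suffix rule if subdomains are meant to be allowed), never a string the parser has not seen.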

Hacking Salesforce-backed WebApps

I know for a fact that Salesforce is properly complex and hard to secure. On the other hand, you need to know a lot of Salesforce-specific things to hack it well. From this blogpost, you can learn how IDs are created, why they are not as random as they look,...
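Two of the deterministic parts of a Salesforce record ID, as an added example that is not code from the blogpost: the three-character key prefix that identifies the object type, and the three-character suffix that turns the 15-character case-sensitive ID into the 18-character case-insensitive form. The suffix is a pure function of the letter case of the first 15 characters, which is one concrete reason the IDs carry less entropy than they look. The sample IDs are constructed.

```javascript
// Added example (not from the blogpost). Sample IDs are constructed.
const CHECKSUM_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";

// 15 -> 18: for each 5-char chunk, bit j (j = 0 for the chunk's first char)
// is set when that char is an uppercase letter; the resulting 5-bit value
// indexes CHECKSUM_ALPHABET to give one suffix character.
function to18(id15) {
  if (!/^[A-Za-z0-9]{15}$/.test(id15)) throw new Error("expected a 15-character ID");
  let suffix = "";
  for (let i = 0; i < 3; i++) {
    const chunk = id15.slice(i * 5, i * 5 + 5);
    let bits = 0;
    for (let j = 0; j < 5; j++) {
      if (chunk[j] >= "A" && chunk[j] <= "Z") bits |= 1 << j;
    }
    suffix += CHECKSUM_ALPHABET[bits];
  }
  return id15 + suffix;
}

// 18 -> 15: the suffix encodes the original case, so an 18-char ID that was
// lowercased or uppercased in transit can be restored to the exact 15-char form.
function to15(id18) {
  if (!/^[A-Za-z0-9]{18}$/.test(id18)) throw new Error("expected an 18-character ID");
  let out = "";
  for (let i = 0; i < 3; i++) {
    const bits = CHECKSUM_ALPHABET.indexOf(id18[15 + i].toUpperCase());
    if (bits === -1) throw new Error("invalid checksum character");
    const chunk = id18.slice(i * 5, i * 5 + 5);
    for (let j = 0; j < 5; j++) {
      out += bits & (1 << j) ? chunk[j].toUpperCase() : chunk[j].toLowerCase();
    }
  }
  return out;
}

// Split an ID of either length into its fixed pieces: the key prefix (object
// type), the canonical 15-char form and the 18-char form with its suffix.
function describe(id) {
  const id15 = id.length === 18 ? to15(id) : id;
  const id18 = to18(id15);
  return { keyPrefix: id15.slice(0, 3), id15, id18, checksum: id18.slice(15) };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(describe("0015000000wo1ziaa1")); // constructed sample ID
}
```

A practical consequence for testing: an ID pulled from a log or URL in the wrong case is still usable once the suffix has restored it, and a 15-character ID a target returns can be converted to the 18-character form the API expects without asking the server.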

XSS attacks via Content sniffing

In short, content sniffing is browser behaviour: when a response has no Content-Type header, the browser guesses the type from the body and may treat the response as HTML (unless the response also carries X-Content-Type-Options: nosniff). This can be exploited to smuggle XSS payloads in files like images. I was aware of this issue and had found a few XSS...
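One piece of code serves both the Content-Type excerpt above and this one, as an added example that is not code from either writeup: an implementation of the WHATWG "parse a MIME type" algorithm, which is what decides what a controlled suffix of a Content-Type header can and cannot change, plus the check a practitioner wants for the sniffing case, namely whether a response is left to the browser's guess at all. The header values are constructed.

```javascript
// Added example (not from either writeup). Header values below are constructed.

const TOKEN_RE = /^[!#$%&'*+\-.^_`|~A-Za-z0-9]+$/;           // HTTP token code points
const QUOTED_TOKEN_RE = /^[\t\u0020-\u007e\u0080-\u00ff]*$/;  // HTTP quoted-string token code points
const HTTP_WS = "\t\n\r ";

// WHATWG "parse a MIME type". Returns { type, subtype, parameters } or null
// on failure. Two properties matter for an attacker-controlled suffix: the
// essence (type/subtype) is fixed before the first ";", and a parameter that
// is already present is never overwritten by a later one with the same name.
function parseMimeType(input) {
  const s = input.replace(/^[\t\n\r ]+|[\t\n\r ]+$/g, "");
  const slash = s.indexOf("/");
  if (slash === -1) return null;
  const type = s.slice(0, slash);
  if (!TOKEN_RE.test(type)) return null;
  let pos = slash + 1;
  let semi = s.indexOf(";", pos);
  if (semi === -1) semi = s.length;
  const subtype = s.slice(pos, semi).replace(/[\t\n\r ]+$/, "");  // trailing whitespace only
  if (!TOKEN_RE.test(subtype)) return null;
  pos = semi;
  const parameters = new Map();
  while (pos < s.length) {
    pos++;                                                     // skip ";"
    while (pos < s.length && HTTP_WS.includes(s[pos])) pos++;
    let end = pos;
    while (end < s.length && s[end] !== ";" && s[end] !== "=") end++;
    const name = s.slice(pos, end).toLowerCase();
    pos = end;
    if (pos < s.length) {
      if (s[pos] === ";") continue;
      pos++;                                                   // skip "="
    }
    if (pos >= s.length) break;
    let value;
    if (s[pos] === '"') {
      pos++;                                                   // collect an HTTP quoted string
      value = "";
      for (;;) {
        while (pos < s.length && s[pos] !== '"' && s[pos] !== "\\") value += s[pos++];
        if (pos >= s.length) break;
        const c = s[pos++];
        if (c !== "\\") break;                                 // closing quote
        if (pos >= s.length) { value += "\\"; break; }
        value += s[pos++];                                     // escaped character
      }
      while (pos < s.length && s[pos] !== ";") pos++;          // drop junk after the closing quote
    } else {
      end = pos;
      while (end < s.length && s[end] !== ";") end++;
      value = s.slice(pos, end).replace(/[\t\n\r ]+$/, "");
      pos = end;
      if (value === "") continue;
    }
    if (name !== "" && TOKEN_RE.test(name) && QUOTED_TOKEN_RE.test(value) && !parameters.has(name)) {
      parameters.set(name, value);
    }
  }
  return { type: type.toLowerCase(), subtype: subtype.toLowerCase(), parameters };
}

// Essences the MIME Sniffing Standard treats as "unknown" even when declared.
const UNKNOWN_ESSENCES = new Set(["unknown/unknown", "application/unknown", "*/*"]);

// A response can end up rendered as HTML only if the browser has no usable
// declared type (header missing, unparseable, or an "unknown" essence) AND
// nosniff is absent: with nosniff the unknown-type rules still run, but with
// the sniff-scriptable flag cleared, so they never produce text/html.
function sniffRisk(headers) {
  const h = new Map(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const ct = h.get("content-type");
  const parsed = ct === undefined ? null : parseMimeType(ct);
  const essence = parsed ? `${parsed.type}/${parsed.subtype}` : null;
  // Simplified: Fetch compares the first comma-separated value case-insensitively.
  const nosniff = (h.get("x-content-type-options") || "").trim().toLowerCase() === "nosniff";
  const noUsableType = essence === null || UNKNOWN_ESSENCES.has(essence);
  return {
    essence,
    charset: parsed ? parsed.parameters.get("charset") ?? null : null,
    nosniff,
    mayBeSniffedAsScriptable: noUsableType && !nosniff,
  };
}

// Constructed demo: a prefix fixed by the application and a suffix under attacker control.
const SUFFIX_CASES = [
  { prefix: "text/plain", suffix: "; charset=utf-16le" },               // parameter absent: the suffix adds it
  { prefix: "text/plain; charset=utf-8", suffix: "; charset=utf-16le" }, // already present: first one wins
  { prefix: "text/plain", suffix: "/html" },                            // breaks the parse: no declared type at all
];

function suffixDemo(cases = SUFFIX_CASES) {
  return cases.map(({ prefix, suffix }) => ({ header: prefix + suffix, ...sniffRisk({ "Content-Type": prefix + suffix }) }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(suffixDemo());
}
```

The third suffix case is the bridge between the two excerpts: a suffix that makes the header fail to parse leaves the browser with no declared type, which is exactly the missing-Content-Type situation of the sniffing excerpt, and only `X-Content-Type-Options: nosniff` takes text/html off the table at that point.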