Our target is to exploit a hypothetical web application, simulating real-world scenarios. To demonstrate HTTP/2 request splitting, we will follow a step-by-step solution provided by the lab: Setup with Burp Suite: Start by sending a request for GET ...
There was a time when I thought the best play was to touch everything. One day I’d poke at XSS, the next day IDOR, maybe SSRF if I was in the mood. It felt like I was moving fast — learning “a bit of everything” — but in reality, I was skimming the sur...
Introduction Cross-Origin Resource Sharing (CORS) vulnerabilities can take many forms, and one of the most interesting variants involves trusting the "null" origin. In this article, we'll explore the PortSwigger Web Security Academy lab "CORS vulnera...
Introduction Cross-Origin Resource Sharing (CORS) vulnerabilities represent a significant security risk when misconfigured. In this walkthrough, we'll explore PortSwigger's "CORS vulnerability with basic origin reflection" lab, demonstrating how impr...
Strap in and get prepared for takeoff! The Aviator game on Spinmatch isn’t just a game; it’s a thrilling experience. One minute you're on cloud 9, and the next, you're regretting not cashing out. But don’t worry. That happens to all people at some t...
Introduction Today, I'm sharing my hands-on adventure through a real-world lab from PortSwigger's Web Security Academy, where I successfully exploited a Path Traversal vulnerability to read the sensitive /etc/passwd file. If you've ever wondered how ...
Zero Day The very first step in a journey of a thousand hacks begins here. 🔥✨ 👋 Hello and welcome to Zero Day — the launchpad where I, Xoryush, begin my mission to master cybersecurity, one bug at a time. 🐛💻 This blog is my public notebook 📓, ...
I haven’t blogged in over a year. Not because I had nothing to write - I just didn’t publish. Most of my time went into security cert prep, especially BSCP. Nearly every security nerd has heard of or used Burp Suite in their life. Its creator PortSwigger...
Introduction As part of my journey into web application penetration testing, I completed all the Cross-Site Scripting (XSS) labs from PortSwigger’s Web Security Academy. These labs covered basic to advanced XSS vulnerabilities, and I learned how att...
Hey guys ✌🏻, I share my self-study journey in Web Security here, hoping these notes provide something useful for both newcomers and experienced folks. Summary In my third year studying Information Security, I realized that what we learn in class is ...