web application security 14

• ExpressCart Prototype Pollution to Denial Of Service Mar 24, 2025
• SuiteCRM - Phar Deserialization to Code Execution May 9, 2021
• ADempiere Unsafe Deserialization to Code Execution Apr 14, 2021
• OpenCATS PHP Object Injection to Arbitrary File Write Jan 16, 2021
• PHP Object Injection Exploitation Notes Jan 8, 2021
• DomGoat Walkthrough Feb 8, 2020
• Common XSS payloads I use Aug 2, 2019
• Ghost Publishing Platform – SVG Image Upload to Stored Cross-site scripting Sep 20, 2018
• phppgadmin CSRF to Code Execution Jul 28, 2018
• The target="_blank" Vulnerability Apr 26, 2018
• Ganglia Reflected XSS Sep 21, 2017
• Finding SQL Injection vulnerabilities using polyglot payloads Aug 7, 2016
• Exploiting Local File Inclusion using PHP Wrappers Aug 7, 2016
• ZAP Scripting Aug 25, 2015