DOM-based Cross site Scripting (XSS) is a type of XSS where user input is written to a web pages’ Document Object Model without proper sanitization. This could be abused by an attacker to manipulat...

Notes related to RipsTech PHP Security Calendar 2019 which aren’t accessible anymore. Challenge 1 - Candy Cane import org.jdom2.Content; import org.jdom2.Document; import org.jdom2.JDOMException;...

This blog post contains a walkthrough of Nebula provided by Exploit Education. Nebula is a vulnerable ISO which has a variety of Linux privilege escalation vulnerabilities. Some of these vulnerabil...

The favicons of Chirpy are placed in the directory assets/img/favicons/. You may want to replace them with your own. The following sections will guide you to create and replace the default favicons...

Common XSS Tricks I use This post contains a common list of XSS payloads I tend to use most of often. Taken from the internet, the origin of most of these payloads are uknown but they are often sh...

This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: Going to the provided URL, this leads to the following web application where you ca...

This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: The goal of this challenge is the exploit the PDF conversion service seen below. ...

This walkthrough shows the process I used to capture and complete some systems within the Pentestit v12 test lab. This walkthrough contains my field notes I took when I was working through the box....

This walkthrough is a guide on how to exploit HTB Active machine. A quick nmap scan of the target system reveals the following information. The arguement -p- can also be used to scan the entire por...

Often when looking for Stored Cross-site scripting (XSS) vulnerabilities, file upload functionalities can be targeted. This will include trying to upload an HTML file or a Flash SWF file that conta...