Web Security
Bypassing WAF by Playing with Parameters
In this post, I’ll explain two similar techniques that can be used to bypass Web Application Firewalls (WAF). These are HTTP Parameter Pollution (HPP) and HTTP Parameter Fragmentation (HPF).
A Not-So-Blind RCE with SQL Injection
Once again, I’m back with another story of an interesting finding. This time I’ll be explaining an SQL injection instance, but this was a bit different.
Extracting Source Code from Pre-Compiled ASP.Net applications
In a recent assignment, I found a Path Traversal vulnerability in an ASP.Net-based web application. Naturally, the first thing I went after was the web.
A possibility of Account Takeover in Medium
There are times when you discover something that is very common and ordinary which just blows your mind and you start thinking, “How come I didn’t know this before!