Steal IP Address using Image

Starting in the name of my God “Allah”, the most beneficent, the most merciful. Today I woke up and saw a post on grabbing the IP using SQL injection. As per my interest, I checked what it was; after reading it I came up with an idea to include some htaccess shit with the whole idea…

DDOS Using SQL injection (SiDDOS)

In this tutorial we will discuss how someone can DDoS a website using SQL injection. As for me, it's a new concept; there hadn't been much research or many tutorials on it. After my own testing and the maximum information I somehow collected reading SQL syntax and other limitations on connection and…

XSS Injection with SQLi

XSS Injection with SQLi (XSSQLi) Well, after our discussion on different types of injection and places you can find SQL injection vulnerabilities, an attacker can successfully exploit an SQL injection vulnerability and get access over the database, and if he is lucky enough to get access to the file system…

VPS Cheatsheet for bug hunting

I have found myself way too many times forgetting certain commands, or how to perform specific actions related to bug hunting. Solution: make a cheat sheet of all the useful commands. And I figured you may find it useful, or maybe you already know all of them by heart, in which case, good for you…

How to find valid and impactful CSRFs

Hi, I am Febin, a security researcher. This is my first post on the OBB blog, and it is about the mighty CSRF attack. IMPACT OF CSRF: In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally. For example, this might be to change the email address on…

Using {XSS} to play games on Site

Hello guys, today I’m going to teach you how to play inside any website that has an XSS flaw. This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only embeds the application of the game in question and an opening of…

Improper Access Control – Generic: Unrestricted access to any “connected pack” on docs in coda.io

Summary: When adding a pack to a coda.io doc, a POST request is sent to https://coda.io/internalAppApi/documents/[doc ID]/packs with data {“packId”:[pack Id]}, where doc ID is the id of the doc the user wishes to add the pack to and pack ID is the pack the user wants to install. But this request was unrestricted and the user could iterate the…