XSS Injection with SQLi

Posted on by _r00t1ng_

XSS Injection with SQLi (XSSQLi) XSS Injection with SQLi (XSSQLi) Well After our discussion on different types of injection and places you can find SQL injection Vulnerability, an attacker can successfully exploit and SQL injection vulnerability and get access over the database and if he is enough lucky to get access to the File System…

VPS Cheatsheet for bug hunting

Posted on by aninda_anon

I have found myself way too many times forgetting certain commands, or how to perform specific actions related to bug hunting. Solution: make a cheat sheet of all the useful commands. And I figured, you may find it useful, or maybe you already know all of them by heart in which case, good for you….

How to find valid and impactful CSRFs

Posted on by febin_rev

Hi , i am Febin , a security researcher. This is my first post in OBB blog, which is about the mighty CSRF attack. IMPACT OF CSRF: In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally. For example, this might be to change the email address on…

Using {XSS} to play games on Site

Posted on by _r00t1ng_

Hello guys, today I’m going to teach you how to play inside any website that has an XSS flaw.This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only emblems the application of the game in question and an opening of…

Improper Access Control – Generic: Unrestricted access to any “connected pack” on docs in coda.io

Posted on by 0xcrypto

Summary: When adding a pack to the coda.io doc, a post request is sent to https://coda.io/internalAppApi/documents/[doc ID]/packs with data {“packId”:[pack Id]} where doc ID is the id of doc user wishes to add pack and pack ID is the pack user wants to install. But this request was unrestricted and the user could iterate the…