Summary : In brief, stored (persistent) cross-site scripting (XSS) happens when an attacker injects malicious code into the target application and this content is permanently stored. Later, when victims visit a page with the stored malicious code, their browsers execute this code. Description : Me and my friend ethicalbughunter were…

Summary : HTTP Parameter Pollution (HPP) means to pollute the HTTP parameters of a web application for achieving a specific malicious task. It refers to manipulating how a website treats parameters it receives during HTTP requests. It changes a website’s behaviour from its intended one. HTTP parameter pollution is a simple…

Summary : Broken Link Hijacking (BLH) is a web-based attack where it exploits external links that are no longer valid. The attackers take over this expired, stale, and invalid external links on credible websites or web applications for malicious or fraudulent purposes. If your company uses an external link shortening…

Summary : SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. …

Summary : Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. The cybersecurity community doesn’t put enough emphasis…

Summary : Business logic errors will allow you to manipulate the business logic of an application. Sometimes business logic errors can have devastating effects on the applications. Business logic errors are difficult to find because they involve legitimate use of the application’s functionality. …

Summary : In a simple language “Google Dorks” is just a simple technique which can be used on google search engine to find security holes and sensitive information that is not easily available on a website. It is one of the most effective technique to find sensitive information of any…

Summary : Business logic vulnerabilities are ways of using the legitimate processing flow of an application in a way that results in a negative consequence. Description : I found this vulnerability on a private program of Bugcrowd where there was a comment section. I noticed that whenever any person makes…

Hello everyone, at first I want to thank you all for 1K family and I hope you guys are getting some knowledge from my blogs. I decided to write something interesting on 1K followers and luckily I found this material for the blog on vulnerability which I discovered in 2018. …