Archivo

2025

21 / 07 SQLI
16 / 04 Stealing OAuth access tokens via an open redirect
15 / 04 OAuth account hijacking via redirect_uri
15 / 04 Forced OAuth profile linking
13 / 04 SSRF via OpenID dynamic client registration
13 / 04 Authentication bypass via OAuth implicit flow
06 / 04 CORS vulnerability with trusted insecure protocols
06 / 04 CORS vulnerability with trusted null origin
05 / 04 CORS vulnerability with basic origin reflection
01 / 04 Multistep clickjacking
01 / 04 Exploiting clickjacking vulnerability to trigger DOM-based XSS
28 / 03 Clickjacking with a frame buster script
26 / 03 Clickjacking with form input data prefilled from a URL parameter
26 / 03 Basic clickjacking with CSRF token protection
25 / 03 Exploiting time-sensitive vulnerabilities
25 / 03 Single-endpoint race conditions
24 / 03 Multi-endpoint race conditions
22 / 03 Bypassing rate limits via race conditions
21 / 03 Limit overrun race conditions
20 / 03 Performing CSRF exploits over GraphQL
17 / 03 CSRF with broken Referer validation
16 / 03 CSRF where Referer validation depends on header being present
16 / 03 SameSite Lax bypass via cookie refresh
13 / 03 SameSite Strict bypass via sibling domain
12 / 03 SameSite Strict bypass via client-side redirect
12 / 03 SameSite Lax bypass via method override
09 / 03 CSRF where token is duplicated in cookie
09 / 03 CSRF where token is tied to non-session cookie
07 / 03 CSRF where token is not tied to user session
07 / 03 CSRF where token validation depends on token being present
07 / 03 CSRF where token validation depends on request method
07 / 03 CSRF vulnerability with no defenses
04 / 03 Exploiting NoSQL operator injection to extract unknown fields
03 / 03 Exploiting NoSQL injection to extract data
02 / 03 Exploiting NoSQL operator injection to bypass authentication
01 / 03 Detecting NoSQL injection
28 / 02 Bypassing GraphQL brute force protections
27 / 02 Finding a hidden GraphQL endpoint
26 / 02 Accidental exposure of private GraphQL fields
26 / 02 Accessing private GraphQL posts
24 / 02 Authentication bypass via encryption oracle
22 / 02 Infinite money logic flaw
22 / 02 Authentication bypass via flawed state machine
20 / 02 Insufficient workflow validation
20 / 02 Weak isolation on dual-use endpoint
20 / 02 Inconsistent handling of exceptional input
20 / 02 Low-level logic flaw
19 / 02 Manipulating the WebSocket handshake to exploit vulnerabilities
19 / 02 Cross-site WebSocket hijacking
19 / 02 Manipulating WebSocket messages to exploit vulnerabilities
18 / 02 Indirect prompt injection
17 / 02 Exploiting vulnerabilities in LLM APIs
17 / 02 Exploiting LLM APIs with excessive agency
17 / 02 Exploiting a mass assignment vulnerability
16 / 02 Finding and exploiting an unused API endpoint
16 / 02 Exploiting server-side parameter pollution in a query string
16 / 02 Exploiting an API endpoint using documentation
12 / 02 SQL injection with filter bypass via XML encoding
12 / 02 Blind SQL injection with out-of-band data exfiltration
11 / 02 Blind SQL injection with out-of-band interaction
10 / 02 Blind SQL injection with time delays and information retrieval
10 / 02 Blind SQL injection with time delays
09 / 02 Visible error-based SQL injection
09 / 02 Blind SQL injection with conditional errors
01 / 02 Password brute-force via password change
01 / 02 Password reset poisoning via middleware
29 / 01 Offline password cracking
29 / 01 Brute-forcing a stay-logged-in cookie
28 / 01 2FA broken logic
27 / 01 Username enumeration via account lock
27 / 01 Broken brute-force protection, IP block
27 / 01 Username enumeration via response timing
23 / 01 Username enumeration via subtly different responses
22 / 01 Password reset broken logic
22 / 01 2FA simple bypass
22 / 01 Username enumeration via different responses
21 / 01 DOM-based cookie manipulation
21 / 01 DOM-based open redirection
19 / 01 DOM XSS using web messages and JSON.parse
19 / 01 DOM XSS using web messages and a JavaScript URL
19 / 01 DOM XSS using web messages
18 / 01 Exploiting XSS to bypass CSRF defenses
18 / 01 Exploiting cross-site scripting to capture passwords
18 / 01 Exploiting cross-site scripting to steal cookies
17 / 01 Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped
17 / 01 Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped
10 / 01 Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
10 / 01 Reflected XSS into a JavaScript string with single quote and backslash escaped
10 / 01 Reflected XSS in canonical link tag
10 / 01 Reflected XSS with some SVG markup allowed
10 / 01 Reflected XSS into HTML context with all tags blocked except custom ones
09 / 01 Reflected XSS into HTML context with most tags and attributes blocked
09 / 01 Stored DOM XSS
08 / 01 Reflected DOM XSS
08 / 01 DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
07 / 01 DOM XSS in document.write sink using source location.search inside a select element
06 / 01 Reflected XSS into a JavaScript string with angle brackets HTML encoded
06 / 01 Stored XSS into anchor href attribute with double quotes HTML-encoded
06 / 01 Reflected XSS into attribute with angle brackets HTML-encoded
06 / 01 DOM XSS in jQuery selector sink using a hashchange event
05 / 01 DOM XSS in jQuery anchor href attribute sink using location.search source
03 / 01 DOM XSS in innerHTML sink using source location.search
03 / 01 DOM XSS in document.write sink using source location.search
02 / 01 Stored XSS into HTML context with nothing encoded
02 / 01 Reflected XSS into HTML context with nothing encoded
02 / 01 Exploiting Ruby deserialization using a documented gadget chain
02 / 01 Exploiting PHP deserialization with a pre-built gadget chain

2024

31 / 12 Exploiting Java deserialization with Apache Commons
31 / 12 Arbitrary object injection in PHP
29 / 12 Using application functionality to exploit insecure deserialization
29 / 12 Modifying serialized objects
29 / 12 Modifying serialized objects
08 / 12 JWT authentication bypass via kid header path traversal
08 / 12 JWT authentication bypass via jku header injection
08 / 12 Scanning non-standard data structures
08 / 12 Discovering vulnerabilities quickly with targeted scanning
08 / 12 Flawed enforcement of business rules
08 / 12 Inconsistent security controls
08 / 12 High-level logic vulnerability
08 / 12 Excessive trust in client-side controls
06 / 12 JWT authentication bypass via jwk header injection
06 / 12 JWT authentication bypass via weak signing key
06 / 12 JWT authentication bypass via flawed signature verification
06 / 12 JWT authentication bypass via unverified signature
05 / 12 Referer-based access control
05 / 12 Multi-step process with no access control on one step
05 / 12 Method-based access control can be circumvented
05 / 12 URL-based access control can be circumvented
04 / 12 Insecure direct object references
04 / 12 User ID controlled by request parameter with password disclosure
04 / 12 User ID controlled by request parameter with data leakage in redirect
04 / 12 User ID controlled by request parameter, with unpredictable user IDs
04 / 12 User ID controlled by request parameter
04 / 12 User role can be modified in user profile
04 / 12 User role controlled by request parameter
04 / 12 Unprotected admin functionality with unpredictable URL
04 / 12 Unprotected admin functionality
03 / 12 Information disclosure in version control history
03 / 12 Authentication bypass via information disclosure
03 / 12 Source code disclosure via backup files
03 / 12 Information disclosure on debug page
03 / 12 Information disclosure in error messages
01 / 12 Blind OS command injection with out-of-band data exfiltration
01 / 12 Blind OS command injection with out-of-band interaction
01 / 12 Blind OS command injection with output redirection
01 / 12 Blind OS command injection with time delays
01 / 12 OS command injection, simple case
29 / 11 SSRF with filter bypass via open redirection vulnerability
29 / 11 Blind SSRF with out-of-band detection
29 / 11 Blind SSRF with out-of-band detection
29 / 11 Basic SSRF against another back-end system
29 / 11 Basic SSRF against the local server
27 / 11 Exploiting XXE via image file upload
27 / 11 Exploiting XInclude to retrieve files
27 / 11 Exploiting blind XXE to retrieve data via error messages
27 / 11 Exploiting blind XXE to exfiltrate data using a malicious external DTD
27 / 11 Blind XXE with out-of-band interaction via XML parameter entities
27 / 11 Blind XXE with out-of-band interaction
27 / 11 Exploiting XXE to perform SSRF attacks
27 / 11 Exploiting XXE using external entities to retrieve files
25 / 11 Remote code execution via polyglot web shell upload
25 / 11 Web shell upload via obfuscated file extension
25 / 11 Web shell upload via extension blacklist bypass
25 / 11 Web shell upload via path traversal
24 / 11 File path traversal, validation of file extension with null byte bypass
24 / 11 File path traversal, validation of start of path
24 / 11 File path traversal, traversal sequences stripped with superfluous URL-decode
24 / 11 File path traversal, traversal sequences stripped non-recursively
24 / 11 File path traversal, traversal sequences blocked with absolute path bypass
24 / 11 File path traversal, simple case
24 / 11 Web shell upload via Content-Type restriction bypass
24 / 11 Remote code execution via web shell upload
23 / 11 Server-side template injection with information disclosure via user-supplied objects
23 / 11 Server-side template injection in an unknown language with a documented exploit
23 / 11 Server-side template injection using documentation
22 / 11 Basic server-side template injection (code context)
22 / 11 Basic server-side template injection
16 / 11 Blind SQL injection with conditional responses
15 / 11 SQL injection UNION attack, retrieving multiple values in a single column
15 / 11 SQL injection UNION attack, retrieving data from other tables
15 / 11 SQL injection UNION attack, finding a column containing text
15 / 11 SQL injection UNION attack, determining the number of columns returned by the query
15 / 11 SQL injection attack, listing the database contents on Oracle
15 / 11 SQL injection attack, listing the database contents on non-Oracle databases
13 / 11 SQL injection attack, querying the database type and version on MySQL and Microsoft
13 / 11 SQL injection attack, querying the database type and version on Oracle
13 / 11 SQL injection vulnerability allowing login bypass
12 / 11 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
24 / 10 CustomDebianKde
10 / 10 Busqueda
09 / 10 Chaos
08 / 10 Intelligence
07 / 10 Soccer
06 / 10 Manager
05 / 10 Broker
04 / 10 BoardLight
03 / 10 Blackfield
02 / 10 Authority
01 / 10 Aero
30 / 09 Sau
25 / 08 Hospital
24 / 08 Querier
23 / 08 Monteverde
22 / 08 Delivery
21 / 08 Support
20 / 08 Nodeblog
16 / 08 Forest
15 / 08 Sauna
14 / 08 Timelapse
13 / 08 Active
12 / 08 Schooled
11 / 08 Resolute
10 / 08 Tabby
09 / 08 ScriptKiddie
08 / 08 Blue
06 / 08 Remote
06 / 08 GoodGames
05 / 08 Arctic
04 / 08 Posion
03 / 08 Apocalyst
02 / 08 SolidState
01 / 08 Heist
31 / 07 Waldo
30 / 07 Antique
29 / 07 Toolbox
28 / 07 Devel
27 / 07 Driver
25 / 07 Netmon
24 / 07 Optimum
23 / 07 Jerry
23 / 07 Legacy
22 / 07 Grandpa
20 / 07 Granny
19 / 07 Bounty
18 / 07 Jeeves
17 / 07 Devzat
16 / 07 Love
15 / 07 Return
14 / 07 Tenten
13 / 07 Blocky
12 / 07 Shocker
12 / 07 Keeper
10 / 07 Union
08 / 07 Bolt
07 / 07 Knife
06 / 07 Stratosphere
06 / 07 Nibbles
04 / 07 Lame
01 / 07 Validation
01 / 07 NunChucks
30 / 06 Horizontall
27 / 06 Secret
22 / 06 TwoMillion