Writeup to Intigriti’s 0621 XSS challenge — Twelve hours before the deadline, the latest XSS challenge from Intigriti was only solved by 14 people. Many people ask me how do I solve those challenges so quickly and the answer to that question is probably Experience. But is it only the experience gained from solving XSS challenges? I…

against strict CSP policies — In the past years, an interesting XSS vector was put on a table by some researchers, and that is Parentheses-less XSS. It’s not a mystery that there are known payloads that will execute arbitrary XSS with limited charsets. One of the simplest payloads out there is location=name which with adequate…

Alternative ways to retrieve table names in MySQL — without information_schema. — As for the sake of exercising, I looked up a few web challenges on TetCTF and noticed an interesting one — ”Secure System”. When solving the challenge, I explored many SQL Injection techniques that you will probably not find in any tutorials. Enjoy reading! The challenge was to craft a…

Write-up based on “simple” XSS challenge by @terjanq — In my previous write-up about DOM Clobbering, I presented a solution to an XSS challenge that involved overriding a CONFIG variable via the mentioned technique. …

Based on @SecurityMB XSS Challenge — This is a write-up for an XSS Challenge that popped out on Twitter recently. In this article, I will talk through three different approaches that one could take to solve the challenge, including the shortest among the submitted solutions. …

and the deceiver of protected. — Quick introduction: The XSS-Auditor is a tool implemented by various browsers whose intention is to detect any reflected XSS (Cross-site scripting) vectors and block/filter each of them. The XSS Auditor runs during the HTML parsing phase and attempts to find reflections from the request to the response body. …