terjanq – Medium

terjanq

WAF bypasses via 0days

based on findings from a live hacking event

4 min readSep 23, 2022

--

1

WAF bypasses via 0days

--

1

terjanq

How to solve an XSS challenge from Intigriti in under 60 minutes

Writeup to Intigriti’s 0621 XSS challenge

8 min readJun 27, 2021

--

2

How to solve an XSS challenge from Intigriti in under 60 minutes

--

2

terjanq

Arbitrary Parentheses-less XSS

against strict CSP policies

8 min readAug 9, 2020

--

Arbitrary Parentheses-less XSS

--

terjanq

Blind SQL Injection without an “in”

Alternative ways to retrieve table names in MySQL — without information_schema.

5 min readJan 7, 2020

--

Blind SQL Injection without an “in”

--

terjanq

Clobbering the clobbered vol. 2

Write-up based on “simple” XSS challenge by @terjanq

3 min readDec 27, 2019

--

Clobbering the clobbered vol. 2

--

terjanq

Massive XS-Search over multiple Google products

A couple of months back, I took a part in researching dangers that come from Cache Probing Attack and new ways to exploit the…

2 min readNov 12, 2019

--

Massive XS-Search over multiple Google products

--

terjanq

Clobbering the clobbered — Advanced DOM Clobbering

Based on @SecurityMB XSS Challenge

9 min readSep 26, 2019

--

3

Clobbering the clobbered — Advanced DOM Clobbering

--

3

terjanq

XSS-Auditor — the protector of unprotected

and the deceiver of protected.

4 min readApr 25, 2019

--

2

XSS-Auditor — the protector of unprotected

--

2

terjanq

How I am able to hijack you.

or rather: How I am able to hijack your autosuggestions in Google Search.

3 min readApr 3, 2019

--

1

How I am able to hijack you.

--

1

terjanq
in
InfoSec Write-ups

Google Books X-Hacking

Cross-Site Search on Google Books by abusing the XSS Auditor

4 min readMar 21, 2019

--

2

Google Books X-Hacking

--

2

terjanq

terjanq

Security enthusiast that loves playing CTFs and hunting for bugs in the wild. Also likes to do some chess once in a while. twitter.com/terjanq

Following

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams