terjanq – Medium

terjanq

WAF bypasses via 0days

based on findings from a live hacking event

Sep 23, 2022

WAF bypasses via 0days

Sep 23, 2022

How to solve an XSS challenge from Intigriti in under 60 minutes

Writeup to Intigriti’s 0621 XSS challenge

Jun 27, 2021

How to solve an XSS challenge from Intigriti in under 60 minutes

Jun 27, 2021

Arbitrary Parentheses-less XSS

against strict CSP policies

Aug 9, 2020

Arbitrary Parentheses-less XSS

Aug 9, 2020

Blind SQL Injection without an “in”

Alternative ways to retrieve table names in MySQL — without information_schema.

Jan 7, 2020

Blind SQL Injection without an “in”

Jan 7, 2020

Clobbering the clobbered vol. 2

Write-up based on “simple” XSS challenge by @terjanq

Dec 27, 2019

Clobbering the clobbered vol. 2

Dec 27, 2019

Massive XS-Search over multiple Google products

A couple of months back, I took a part in researching dangers that come from Cache Probing Attack and new ways to exploit the…

Nov 12, 2019

Massive XS-Search over multiple Google products

Nov 12, 2019

Clobbering the clobbered — Advanced DOM Clobbering

Based on @SecurityMB XSS Challenge

Sep 26, 2019

Clobbering the clobbered — Advanced DOM Clobbering

Sep 26, 2019

XSS-Auditor — the protector of unprotected

and the deceiver of protected.

Apr 25, 2019

XSS-Auditor — the protector of unprotected

Apr 25, 2019

How I am able to hijack you.

or rather: How I am able to hijack your autosuggestions in Google Search.

Apr 3, 2019

How I am able to hijack you.

Apr 3, 2019

Published in

InfoSec Write-ups

Google Books X-Hacking

Cross-Site Search on Google Books by abusing the XSS Auditor

Mar 21, 2019

Google Books X-Hacking

Mar 21, 2019

terjanq

terjanq

Security enthusiast that loves playing CTFs and hunting for bugs in the wild. Also likes to do some chess once in a while. twitter.com/terjanq

Following

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech