oxinfosec | Exploiting Parameter Tampering for purchasing paid products free | In this article, I will demonstrate one of my findings, in which parameter tampering leads to purchasing paid products for free. I was… | Feb 11
oxinfosec | Exploiting Blind SQL Injection manually [mod_waf bypass] | In this article, I will demonstrate how I exploited inband SQL injection in a web application. | Jan 22
oxinfosec | Hijacking dead code in binary exploitation — stack overflow 0x01 | In this article/tutorial, I am going to exploit dead code present in a binary that is unused; we will use that code for executing commands… | Oct 15, 2023
oxinfosec | Automating favicon.ico with regex and bash for mass port scanning | In this article, we will automate fetching the subdomains from favicon.ico and Shodan and do mass port scanning for finding p1 | Jan 5, 2023
oxinfosec | Cloudflare XSS bypass + improper CSRF token leads to account takeover of victim account | tl;dr | Nov 30, 2022
oxinfosec | Exploit SUID misconfiguration for privilege escalation | In this article, I am going to explain what SUID binaries are and how to exploit them for getting a root shell, i.e. privilege escalation on the… | Feb 12, 2022
oxinfosec | Chaining Improper Authentication to IDOR and no rate limit for mass account takeover | You can also read this article here | Nov 24, 2021
oxinfosec | Evil Regex Injection: ReDoS attack | In this article, I talk about how regex can be exploited to shut down the site for legitimate users for a few hours or minutes depending on… | May 24, 2021
oxinfosec | Exploiting SSRF vulnerability part 2 | Hey folks! What's up? This is my second article about SSRF exploitation. If you didn't read part 1, you can read it from in this article… | Apr 24, 2021