oxinfosec

Exploiting Parameter Tampering for purchasing paid products free
In this article, I will demonstrate one of my findings of parameter tampering leads to the purchasing of paid products for free I was…
2 min read · Feb 11, 2024

Exploiting Blind SQL Injection manually [mod_waf bypass]
In this article, I will demonstrate how I exploited inband SQL injection in a web application.
3 min read · Jan 22, 2024

Hijacking dead code in binary exploitation — stack overflow 0x01
In this article/tutorial I am going to exploit a dead code present in binary that is unused we will use that code for executing commands…
4 min read · Oct 15, 2023

Automating favicon.ico with regex and bash for mass port scanning
In this article we will automate and fetch the subdomains from favicon.ico and shodan and do mass port scanning for finding p12 min read · Jan 5, 2023

Cloudfare XSS bypass + improper csrf token leads to account takeover of victim account
tl;dr
3 min read · Nov 30, 2022

Exploit SUID misconfiguration for privilege escalation
In this article, I am going to explain what are SUID binaries how to exploit them for getting root shell i.e privilege escalation on the…
3 min read · Feb 12, 2022

Chaining Improper Authentication to IDOR and no rate limit for mass account takeover
You can also read this article here
3 min read · Nov 24, 2021

Evil Regex Injection: Redos attack
In this article, I talk about how regex can be exploited to shut down the site for legitimate users for a few hours or minutes depending on…
2 min read · May 24, 2021

Exploiting ssrf vulnerablity part 2
Hey folks! What’s up? This is my second article about ssrf exploitation. If you didn’t read part 1 you can read it from in this article…
4 min read · Apr 24, 2021