KacperSzurekEN
NGINX: misconfigurations examples
Kallithea - exploit git clone functionality
PHP PHAR - file_exists can be dangerous
SSH: How to log in to multiple servers?
Spring Boot Actuator - security point of view
How to check account type using Burp Suite?
How to handle session expiration in BURP with macros?
[BURP] 12 tricks for Burp Repeater
XSS Polyglot
postMessage: exchange data between different domains
Cross-Site Websocket Hijacking
Don't use assert in PHP
Clickjacking: how to delete someone else's account?
Open redirection: can automatic redirection be harmful?
RFD: Reflected File Download
Excel: CSV Injection
Angular: XSS without HTML tags
Python: XSS using SVG file
PHP: escapeshellcmd vs escapeshellarg
Java: Random vs SecureRandom
YAML: code execution using !!python/object
Python SSTI: Attack Flask framework using Jinja2 template engine
PHP: Bypass filters using less-than sign
Unzip: how to properly extract files? Symlinks and zip
Java XXE: Read secret files when parsing XML files
Ruby: execute command using URL in open() function
Python 2: Why you shouldn’t use input function
How does Two-Factor Authentication - 2FA work?
Race condition and git hooks vs Gitea server
Steal messages from Signal using RCE, CVE-2018-10994 explanation