Path Traversal: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the webroot folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on…
SerpScan -Automate your Recon using search engines
SerpScan -Automate your Recon using search engines Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line. …
How I hacked Facebook: Part Two
Description: This is the second and final part of How I hacked Facebook you can find part one here [ How I hacked Facebook: part one ]. I highly recommend reading part one to understand the storyline. In part one I have found Account takeover by an unsecured API which allowed me to change the password…
How I hacked Facebook: Part One
We’ve been in this pandemic since March and once the pandemic started I was having plenty of free time, And I need to use that time wisely, So I’ve decided to take the OSWE certification and I finished the exam on 8 of August, after that, I took a couple of weeks to recover from…
My AWAE/OSWE Journey and how I passed the exam
OSWE is an advanced web application security certification exam, you have to take the AWAE course which contains live labs for testing and learning and a lot of modules. The exam is designed for advanced information system auditors and pen-testers. The exam lasts for 48 Hours. The goal of the exam is to find 4…
How did i find information Disclosure on Facebook-Writeup
Hello everyone, This is my first writeup about the bug that I found on Facebook back on 3/1/2018. So, I wasn’t interested in Facebook bug bounty program for a while since I was so busy with my highschool exams back in 2018, I just wanted to collect some information about some users, and to…
Cracking WPA2,WPA Wifi Network
From today, I’ll start to post some Ideas and steps, about the smart house CTF, so I’ll start with cracking the WPA2, WPA wifi networks…
Ursulita Project – The Web developerstrap
Ursulita project is a web injectable backdoor for windows. Ursulita Project is for educational purposes only….
WordPress plugin – Recent GitHub Repos
Today we have a WordPress plugin that I wrote recently to use it on my website, but I decided to release it…
Webalizer Reader – Exoploit
Today’s release is another simple code written with PHP, We can consider this as an idea to read the Webalizer access log and FTP logs for every user on a Cpanel Linux server that uses Webalizer as a monitoring-logging method…