Author: Alaa Abdulridha

ASP.NET CORE Path Traversal

Path Traversal: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the webroot folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on…


SerpScan - Automate your Recon using search engines

Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line. …


How I hacked Facebook: Part Two

Description: This is the second and final part of How I hacked Facebook; you can find part one here [How I hacked Facebook: part one]. I highly recommend reading part one to understand the storyline. In part one I found an account takeover via an unsecured API which allowed me to change the password…


How I hacked Facebook: Part One

We’ve been in this pandemic since March, and once the pandemic started I had plenty of free time and needed to use that time wisely, so I decided to take the OSWE certification and I finished the exam on the 8th of August. After that, I took a couple of weeks to recover from…


My AWAE/OSWE Journey and how I passed the exam

OSWE is an advanced web application security certification exam. You have to take the AWAE course, which contains live labs for testing and learning and a lot of modules. The exam is designed for advanced information system auditors and pen-testers. The exam lasts for 48 hours. The goal of the exam is to find 4…


How did I find Information Disclosure on Facebook - Writeup

Hello everyone, this is my first writeup about the bug that I found on Facebook back on 3/1/2018. So, I wasn’t interested in the Facebook bug bounty program for a while since I was so busy with my high school exams back in 2018; I just wanted to collect some information about some users, and to…


Cracking WPA2, WPA Wifi Network

From today, I’ll start to post some ideas and steps about the smart house CTF, so I’ll start with cracking the WPA2, WPA wifi networks…


Ursulita Project – The Web developers trap

Ursulita project is a web injectable backdoor for Windows. Ursulita Project is for educational purposes only…


WordPress plugin – Recent GitHub Repos

Today we have a WordPress plugin that I wrote recently to use it on my website, but I decided to release it…


Webalizer Reader – Exploit

Today’s release is another simple piece of code written in PHP. We can consider this as an idea to read the Webalizer access log and FTP logs for every user on a cPanel Linux server that uses Webalizer as a monitoring-logging method…