Main / Tricks

Web security tricks

Published every one-three days. Want to suggest something? Contact us!
# title date views author
trick #17 Exploiting local.victim.com with A record 127.0.0.1 25 Feb'2014 2696 sergeybelove
trick #16 Load Balancing Firewall Bypass via Encoded IP Address Tampering 24 Feb'2014 2189 decalresponds
trick #15 Form Mailer MIME Attachment Injection 15 Feb'2014 2031 decalresponds
trick #14 Bypassing Same-Origin Policy With a Single Byte 09 Feb'2014 2992 decalresponds
trick #13 Tampering HOST header while password reset 09 Feb'2014 13197 sergeybelove
trick #12 Valid png image which can execute as PHP file 02 Feb'2014 4450 sergeybelove
trick #11 Express Android/iOS apps static security analysis 27 Jan'2014 2029 sergeybelove
trick #10 Bypass protection from clickjacking 24 Jan'2014 2502 sergeybelove
trick #9 Reading files in MySQL with file_priv = no 21 Jan'2014 2931 sergeybelove
trick #8 Bypassing url encoding by browser 17 Jan'2014 3587 sergeybelove
trick #7 Receiving data with blind XXE 15 Jan'2014 2482 sergeybelove
trick #6 Bypassing CSP and execute JS from gif file 14 Jan'2014 2431 sergeybelove
trick #5 Bypass "Content-Disposition: attachment" and render html/execute js 10 Jan'2014 2430 sergeybelove
trick #4 Not a popular place while testing for XSS 09 Jan'2014 11164 sergeybelove
trick #3 CRLF: bypass PHP protection 08 Jan'2014 15868 sergeybelove
trick #2 SOP bypassing tricks 06 Jan'2014 3711 sergeybelove
trick #1 Leaking oauth / bypassing redirect restrictions 05 Jan'2014 2393 sergeybelove