Use Vulhub to reproduce Next.js Middleware Authorization Bypass (CVE-2025-29927)
https://t.co/JytCIYSx7C
First screenshot 👉 Unauthorized and direct to login page
Second screenshot 👉 Bypass
I have published a tool based on jadx that helps analyze Java applications.
https://t.co/jVTKEM9fIc
BFScan generates HTTP requests and OpenAPI specs based on config files and class/method annotations.
It also searches strings that look like URIs, paths, or secrets.
You can bypass path-based WAF restrictions by appending raw/unencoded non-printable and extended-ASCII characters like \x09 (Spring), \xA0 (Express), and \x1C-1F (Flask):
At long last: Iconv, set the charset to RCE (part 3): in this final part of the iconv series, @cfreal_ demonstrates how you can use CVE-2024-2961 to convert BLIND file reads to RCE. https://t.co/NipFAehQXY
Take your XSS detection to the next level with Nuclei’s headless mode! Detect script execution in real-time with JavaScript dialog handling—no complex matchers needed.
Learn more: https://t.co/PSM9Hn3iTt
#hackwithautomation#xss#headless#bugbounty#security
An interesting take, and while there are some elements I can see I don’t quite agree with it. It’s a really simplistic take and not so quite simple in reality. https://t.co/IBfRfDJ7j1
new blogpost time!!
this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty
lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c:
have fun!
https://t.co/64ZAIVHoSO
New Release: bypass-url-parser==0.4.3 !
- Json mode & @orange_8361 new work added by @jtop_fap 🍊
- Regression & Install tests, packages, releases by @DugnyG & I ! 🌹
Happy scans! 😘
https://t.co/NRtfyzjrFm