June 24, 2024

MongoDB NoSQL Injection with Aggregation Pipelines

August 8, 2023

Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899 & CVE-2023-36560)

August 1, 2023

Anchor Tag XSS Exploitation in Firefox with Target=”_blank”

July 31, 2023

Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure!

November 1, 2020

My MDSec Blog Posts so far in 2020/2021!

September 21, 2019

File Upload Attack using XAMLX Files

August 16, 2019

Uploading web.config for Fun and Profit 2

July 10, 2019

IIS Application vs. Folder Detection During Blackbox Testing

May 11, 2019

Danger of Stealing Auto Generated .NET Machine Keys

May 4, 2019

x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again!

Cookies