infosec-write-ups-medium
feeds.twtxt.netNo description provided.
When Reading the Source Code Is the Real Hack: A Web Challenge Story | v1t CTF ⌘ Read more
Reflected XSS → DVWA Walkthrough: Learn How User Input Can Trigger a Script Execution ⌘ Read more
** SQL Injection: Listing Database Contents on Non-Oracle Databases**
UNION-based SQL injection used to enumerate database tables, extract credential columns, dump usernames and passwords, and log in as the…
[Continue reading on I … ⌘ Read more
Privilege Escalation From Guest To Admin ⌘ Read more
CORS Vulnerability with Trusted Null Origin
Discover how a simple CORS misconfiguration can leak sensitive data across origins.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cors-vulnerability-with-trusted-null-origin-0f9593bd7674?source= … ⌘ Read more
How I Cleared the CISSP and CISM in 6 Months — A Realistic Strategy That Actually Works
The Opening: Why This Matters
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
CORS Vulnerability with Trusted Insecure Protocols
Understanding how insecure CORS configurations can expose sensitive data across subdomains.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cors-vulnerability-with-trusted-in … ⌘ Read more
Digital Forensics — Windows USB Artifacts [Insider Threat Case] ⌘ Read more
How to Find P1 Bugs using Google in your Target — (Part-2)
Earn rewards with this simple method.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-find-p1-bugs-using-google-in-your-target-part-2-d37a9bb0b2e7?sour … ⌘ Read more
**I Could Change Anyone’s Email Preferences — Without Logging In ** ⌘ Read more
Lab 3#: Finding and exploiting an unused API endpoint | Api Testing ⌘ Read more
A single unsanitized parameter is all an attacker needs
From Wooden Ducks to Digital Flags: My First v1t CTF OSINT Challenge ⌘ Read more
**How I Used AI to Become Someone Else (And Why Your Face Is No Longer Your Password) **
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-used-ai-to-b … ⌘ Read more
Capture: A TryHackMe CTF writeup ⌘ Read more
HTB Starting Point: Synced ⌘ Read more
**The Authorization Circus: Where Security Was the Main Clown **
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-authorization-circus-where-security-was-the-main-clown-f4b84ca9356f?source=rss—-7b … ⌘ Read more
Time-of-check Time-of-use (TOCTOU) Race Condition Leads to Broken Authentication | Critical Finding ⌘ Read more
Account Takeover via IDOR: From UserID to Full Access ⌘ Read more
AI/ LLM Hacking — Part 6 — Excessive Agency | Insecure Plugin ⌘ Read more
HTB Starting Point: Mongod ⌘ Read more
**How I Used Sequential IDs to Download an Entire Company’s User Database (And The Joker Helped) **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosec … ⌘ Read more
Ehxb | Race Conditions Vulnerabilities I ⌘ Read more
Ehxb | Path Traversal Vulnerabilities ⌘ Read more
Tre — PG Play Writeup ⌘ Read more
**The Great Tenant Mix-Up: How I Accidentally Became Every Company’s Employee **
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-great-tenant-mix-up-how-i-accidentally … ⌘ Read more
How I Cracked the eJPT Exam in Just 3 Hours with a Score of 85% ⌘ Read more
A Hacker’s Journey to NASA’s Hall of Fame ⌘ Read more
Idor — TryHackMe writeup ⌘ Read more
Web Cache Deception Attack – A Hidden Threat in Today’s Web Applications ⌘ Read more
SQL Injection Leads to dump the Student PII ⌘ Read more
HTB Academy: Windows Fundamentals ⌘ Read more
011e021d6fa524b55bfc5ba67522daeb | MD5 Breakdown? ⌘ Read more
#4 RFI: From an External URL Into your Application
Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…
[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more
**How I Made ChatGPT My Personal Hacking Assistant (And Broke Their “AI-Powered” Security) **
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-m … ⌘ Read more
Hack the Box: Nibbles Walkthrough ⌘ Read more
**How I Hacked JWT Tokens and Became Everyone on the Internet (Temporarily) **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-hacked-jwt-tokens-and-became-everyone-on-t … ⌘ Read more
Exposed API Keys and Secrets with AI
Quick Disclosure of API Key and Secret to guess parameter value
$1000 Bounty: GitLab Security Flaw Exposed
How a $1000 Bounty Hunt Revealed a GraphQL Type Check Nightmare Allowing Maintainers to Nuke Repositories
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-bounty-gitlab-security-flaw-exposed-dd30978 … ⌘ Read more
**How I Became the Unofficial Company Archivist (And Saw Things I Can’t Unsee) **
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-the-unofficial-company-archiv … ⌘ Read more
Planning — HackTheBox Walkthrough ⌘ Read more
Relevant — TryHackMe Room Walkthrough ⌘ Read more
The $2,000 Bug That Changed My Life: How a Tiny URL Parameter Broke Web-Store Pricing !! ⌘ Read more
Reverse Polish Pwn Writeup | FortID CTF 2025 ⌘ Read more
“The $10,000 Handlebars Hack: How Email Templates Led to Server Takeover”
While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories I’ve ever encountere … ⌘ Read more
**The Day I Became Everyone: How User Swapping Turned Me into a Digital Shapeshifter **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-day-i-became-ev … ⌘ Read more
“The $12,500 DNS Trick That Hacked Snapchat’s Cloud Servers”
While studying advanced SSRF techniques, I came across a fascinating case where researchers @nahamsec, @daeken, and @ziot combined DNS…
[Continue reading on InfoSec Write-ups … ⌘ Read more
How I Reported a Pre-Account Hijack Affecting Any Gmail User (Even Google Employees)- My Bug… ⌘ Read more
Unveiling Hidden AWS Keys In My First Android Pentest
We often find our greatest challenges — and lessons — in the most unexpected places. For me, it was during a casual, personal e … ⌘ Read more
**How I Became an Accidental Admin and Almost Got Fired (From Someone Else’s Company) **
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-an-acci … ⌘ Read more
️ Spring Boot API Security Like a Pro: Rate Limiting, Replay Protection & Signature Validation…
Learn how to secure your Spring Boot APIs using rate lim … ⌘ Read more
25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss—-7b722bf … ⌘ Read more
The Art of Breaking OAuth: Real-World Exploit and Misuses ⌘ Read more
Mastering Host Header Injection: Techniques, Payloads and Real-World Scenarios
Learn How Attackers Manipulate Host Headers to Compromise Web Applications and How to Defend Against It
[Continue re … ⌘ Read more
The Ultimate Guide to 403 Forbidden Bypass (2025 Edition)
Master the art of 403 bypass with hands-on examples, tools and tips..
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-403-forbidden-byp … ⌘ Read more
How to Identify Sensitive Data in JavaScript Files: (JS-Recon)
A complete guide to uncovering hidden secrets, API keys, and credentials inside JavaScript files
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/h … ⌘ Read more
FFUF Mastery: The Ultimate Web Fuzzing Guide
Practical techniques, wordlists, and templates to fuzz every layer of a web app.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ffuf-mastery-the-ultimate-web-fuzzing-guide-f7755c396b92?source= … ⌘ Read more
How I Mastered Blind SQL Injection With One Simple Method
Transforming my web security skills by learning to listen to a silent database
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-mastered-blind-sql-injection-w … ⌘ Read more
ProtoVault Breach Forensics Challenge Offsec CTF Week 1
Maverick is back again with a fresh article this time I dug into ProtoVault Breach, the Week 1 forensics challenge from the Offsec CTF…
[Continue reading on InfoSec Write-ups »](ht … ⌘ Read more
Internal Password Spraying from Linux: Attacking Active Directory
[Continue rea … ⌘ Read more
How I was able to discover Broken Access Control ⌘ Read more
How I Found a $250 XSS Bug After Losing Hope in Bug Bounty
📌 Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss—-7b722bf … ⌘ Read more
23. Tools vs. Mindset: What Matters More in 2025
Why the Right Mindset Will Outperform the Most Advanced Tools
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/23-tools-vs-mindset-what-matters-more-in-2025-1be217350787?source=rss—-7b7 … ⌘ Read more
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 … ⌘ Read more
** Encrypt & Decrypt Database Fields in Spring Boot Like a Pro (2025 Secure Guide)**
“Your database backup just leaked. Is your data still safe?”
[Continue reading on InfoSec Write-ups »](https://infos … ⌘ Read more
Reflected in the DOM, Escalated to Account Takeover ⌘ Read more
A Bug Hunter’s Guide to CSP Bypasses (Part 1) ⌘ Read more
CTF to Bug Bounty: Part 1 of the Beginner’s Series for Aspiring Hunters
From CTF flags to real-world bugs — your next hacking adventure starts here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups. … ⌘ Read more
Bypass 403 Response Code by Adding Creative String | IRSYADSEC
HTTP 403 is a response code indicating that access to the requested resource is forbidden. This can happen due to various reasons, such as…
[Continue reading on Inf … ⌘ Read more
Hack the Box Starting Point: Preignition ⌘ Read more
How Prosper Landed His First Cybersecurity Job (and What You Can Learn From It) ⌘ Read more
Beyond the Shell: Advanced Enumeration and Privilege Escalation for OSCP (Part 3)
Part 3 reveals the high-value Windows PrivEsc methods that defeat rabbit holes. Master file transfer, service … ⌘ Read more
CVE Deep Dive : CVE-2025–32463 ⌘ Read more
** SecurityFilterChain Explained: The Secret Sauce Behind Spring Security**
Spring Security has evolved — the old WebSecurityConfigurerAdapter is gone, and the new SecurityFilterChain is now the backbone of Spring…
… ⌘ Read more
“The Overlooked P4 Goldmine: Turning Simple Flaws into Consistent Bounties”
We’ve all been there — scrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploit … ⌘ Read more
CVE Deep Dive : CVE-2025–32462 ⌘ Read more
Master Web Fuzzing: A Cheat‑Sheet to Finding Hidden Paths
Hey there, back again with another post! 😄
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/master-web-fuzzing-a-cheat-sheet-to-finding-hidden-paths-6c2bcf5 … ⌘ Read more
Hash Me If You Can — How I Beat a 2-Second Hashing Challenge on RingZer0Team ⌘ Read more
** How to Use AI to Learn Bug Hunting & Cybersecurity Like a Pro (in 2025)**
Hey there 👋,
I’m Vipul, the mind behind The Hacker’s Log — where I break down the hacker’s mindset, tools, and secrets 🧠💻
[Continue reading … ⌘ Read more
** The Access Control Apocalypse: How Broken Permissions Gave Me Keys to Every Digital Door**
Hey there😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
Authentication bypass via sequential user IDs in Microsoft SSO integration | Critical Vulnerability
If you’re a penetration tester or bug bounty hunter, n … ⌘ Read more
Account Take Over | P1 — Critical
It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour … ⌘ Read more
The weirdest bug:When Reflected XSS Won’t Let a Page Breathe ⌘ Read more
The Critical $1000 Bug:(blind SQL injection) ⌘ Read more
How to break RSA? A guide for Hackers and CTF players to crack the RSA encryption algorithm ⌘ Read more
Kerberos Authentication — In Layman terms ⌘ Read more
22. How to Get Invites to Private Programs
Unlock the secrets to landing exclusive private program invites and level up your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/22-how-to-get-invites-to-private-programs-9bbb5166 … ⌘ Read more
How I found an unauthenticated goldmine of PII ⌘ Read more
Living Off the Cloud: Abusing Cloud Services for Red Teaming | Cyber Codex ⌘ Read more
21. Tips for Staying Consistent and Avoiding Burnout
What if the secret to lasting success isn’t working harder, but pacing yourself smarter?
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/21-tips-for-staying-consistent-an … ⌘ Read more
Business Logic Error - Bypassing Payment with Test Cards ⌘ Read more
My BTL1 Review ⌘ Read more
Unbelievable Security Hole: JWT Secret in a Series-B Funded Company
It started as a routine penetration test. Little did I know I was about to uncover one of the most basic yet catastrophic security…
[Continue reading on … ⌘ Read more
The $500 Stored XSS Bug in SideFX’s Messaging System
Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more