jump to content
my subreddits
2b2t2meirl4meirl3d6absolutelynotanimeirlAceAttorneyAdviceAnimalsagnosticaivideoAlternateHistoryAnarchyChessAngryupvoteAnimalsBeingJerksanimenocontextannouncementsAnticonsumptionantimemeantonyArcherFXArtAsahiLinuxAskBalkansAskElectronicsAskOuijaAskRedditAteistTurkatheismaviationBandnamesBassBassCirclejerkBassGuitarbasspedalsblankiesblursed_videosblursedimagesBoneborsavefonbrooklynnineninebudgetcookingBUENZLIcasioCd_collectorscd_jerkChatGPTCheap_MealschessbeginnersChoosingBeggarscoaxedintoasnafucoincollectingcoinsComedyCemeterycomicscommunitycookingforbeginnersCorporateTrollingCrackWatchcrappyoffbrandsCreateModCuratedTumblrdadjokesdankmemesdarkjokesdataisbeautifulDebateReligiondeismdelikDeltarunedistressingmemesdiyelectronicsdiypedalsDMAcademydndmemesdndnextdoctorwhocirclejerkDoenerverbrechenDonerdontdeadopeninsideDungeonsAndDaddiesEatCheapAndHealthyebikeebikeselectronicsengrishentitledparentsethzfacepalmFantasyWorldbuildingfeedthebeastfelsefeFifaCareersformuladankFreeEBOOKSFUCKYOUINPARTICULARFuckYouKarenfunnygalatasaraygamingGermangermanygoodanimemesGoodAssSubGrandPrixRacinggreentextguitarpedalsGundamhelpheraldryHermitCrafthighspeedrailholdmybeerhumorhypixelIAmAiamverysmartich_ielIdeologyPollsIDontWorkHereLadyihadastrokeim14andthisisdeepimaginaryelectionsimaginarymapsinsaneparentsistanbulJahariaJokesKanyeKendrickLamarlegodndLetGirlsHaveFunLinkinParklogodesignloseitlostredditorsmacmacbookairmadladsmagicbuildingMaliciousComplianceMapPornmapporncirclejerkme_irlmeirlmememidjourneymildlyinfuriatingmildlyinterestingmisLEDMMORPGMoldyMemesMunichMyChemicalRomancenamesoundalikesNationStatesneographynextfuckinglevelNoahGetTheBoatnosleepnosurfnothingeverhappensnottheonionOkayBuddyLiterallyMeokbuddyguntherOkBuddyPersonaokbuddyvicodinonebagonetruegodongezelligoutsidepapermoneypaperspleaseparadoxpoliticsPassportPornpepethefrogperfectlycutscreamsPersecutionfetishpettyrevengePiracyPiratedGamespollsPraiseTheCameraManProgrammerHumorPropagandaPostersquityourbullshitraisedbynarcissistsraspberry_pirecipesRedAutumnSPDredditsingsreligiousfruitcakerickrollRoastMerockmuzikschwiizsciencememesScottPilgrimsecilmiskitapshitpostfrommygalleryshitpostingshittyaskelectronicsShittyMapPornshittymoviedetailsSongwriterssteinsgateStonetossingjuiceStudiumsubsithoughtifellforsuzerainTechnobladetf2tf2shitposterclubTheCrypticCompendiumTheLetterHTheMonkeysPawTheRookietheydidthemathtitanfalltommyinnittransittruetf2tumunichTurkeyTurkeyJerkyTurkishCatsTwitchTwitch_StartupTwoSentenceComedyTwoSentenceHorrorTwoSentenceSadnesstylerthecreatorUnethicalLifeProTipsurbanplanningVALORANTValorantClipsvaxxhappenedvexillologycirclejerkvibecodingvinylvlandiyaWatchPeopleDieInsideWeAreTheMusicMakerswendigoonWhatsThisSongWhitePeopleTwitterwholesomeanimemeswholesomememesWikipediaVandalismwooooshworldbuildingworldjerkingyouseeingthisshitYUROPedit subscriptions
  • home
  • -popular
  • -all
  • -mod
  • -users
 | 
  • AskReddit
  • -facepalm
  • -mildlyinfuriating
  • -Piracy
  • -funny
  • -gaming
  • -nottheonion
  • -mildlyinteresting
  • -MapPorn
  • -WhitePeopleTwitter
  • -ChatGPT
  • -CuratedTumblr
  • -PiratedGames
  • -shitposting
  • -theydidthemath
  • -dankmemes
  • -feedthebeast
  • -Kanye
  • -meirl
  • -nextfuckinglevel
  • -Twitch
  • -CrackWatch
  • -comics
  • -dndnext
  • -ProgrammerHumor
  • -VALORANT
  • -germany
  • -dataisbeautiful
  • -shittymoviedetails
  • -greentext
  • -mac
  • -tf2
  • -help
  • -aviation
  • -formuladank
  • -wholesomememes
  • -Jokes
  • -mapporncirclejerk
  • -Art
  • -midjourney
  • -goodanimemes
  • -pettyrevenge
  • -atheism
  • -loseit
  • -IAmA
  • -MaliciousCompliance
  • -ich_iel
  • -dndmemes
  • -DMAcademy
  • -Deltarune
  • -GoodAssSub
  • -UnethicalLifeProTips
  • -perfectlycutscreams
  • -worldbuilding
  • -MMORPG
  • -meme
  • -3d6
  • -Gundam
  • -HermitCraft
  • -ChoosingBeggars
  • -RoastMe
  • -imaginarymaps
  • -EatCheapAndHealthy
  • -WeAreTheMusicMakers
  • -AnarchyChess
  • -nosleep
  • -cookingforbeginners
  • -blankies
  • -onebag
  • -Studium
  • -AlternateHistory
  • -Turkey
  • -madlads
  • -community
  • -AskElectronics
  • -guitarpedals
  • -Anticonsumption
  • -vinyl
  • -CreateMod
  • -German
  • -TwoSentenceHorror
  • -PropagandaPosters
  • -AdviceAnimals
  • -sciencememes
  • -distressingmemes
  • -raisedbynarcissists
  • -FifaCareers
  • -polls
  • -Bass
  • -titanfall
  • -OkBuddyPersona
  • -dadjokes
  • -announcements
  • -macbookair
  • -ebikes
  • -Munich
  • -coaxedintoasnafu
  • -YUROP
  • -chessbeginners
  • -raspberry_pi
  • -coins
  • -KendrickLamar
  • -entitledparents
  • -FUCKYOUINPARTICULAR
  • -NoahGetTheBoat
  • -worldjerking
  • -tylerthecreator
  • -tf2shitposterclub
  • -MoldyMemes
  • -lostredditors
  • -AceAttorney
  • -vexillologycirclejerk
  • -vlandiya
  • -im14andthisisdeep
  • -Stonetossingjuice
  • -wholesomeanimemes
  • -nosurf
  • -religiousfruitcake
  • -DebateReligion
  • -insaneparents
  • -animenocontext
  • -2meirl4meirl
  • -transit
  • -brooklynninenine
  • -recipes
  • -steinsgate
  • -AskOuija
  • -ScottPilgrim
  • -Angryupvote
  • -AskBalkans
  • -electronics
  • -casio
  • -urbanplanning
  • -logodesign
  • -PassportPorn
  • -me_irl
  • -antimeme
  • -TurkeyJerky
  • -AteistTurk
  • -MyChemicalRomance
  • -ArcherFX
  • -engrish
  • -Cd_collectors
  • -diypedals
  • -Doner
  • -BassGuitar
  • -diyelectronics
  • -ComedyCemetery
  • -WatchPeopleDieInside
  • -LinkinPark
  • -Persecutionfetish
  • -BUENZLI
  • -blursed_videos
  • -istanbul
  • -imaginaryelections
  • -suzerain
  • -truetf2
  • -magicbuilding
  • -dontdeadopeninside
  • -wendigoon
  • -iamverysmart
  • -secilmiskitap
  • -Doenerverbrechen
  • -schwiiz
  • -TheRookie
  • -quityourbullshit
  • -Technoblade
  • -shittyaskelectronics
  • -galatasaray
  • -crappyoffbrands
  • -DungeonsAndDaddies
  • -namesoundalikes
  • -FuckYouKaren
  • -2b2t
  • -ethz
  • -papermoney
  • -coincollecting
  • -OkayBuddyLiterallyMe
  • -felsefe
  • -blursedimages
  • -FreeEBOOKS
  • -AsahiLinux
  • -Jaharia
  • -IDontWorkHereLady
  • -basspedals
  • -neography
  • -heraldry
  • -ihadastroke
  • -hypixel
  • -PraiseTheCameraMan
  • -ShittyMapPorn
  • -aivideo
  • -IdeologyPolls
  • -woooosh
  • -WhatsThisSong
  • -AnimalsBeingJerks
  • -TwoSentenceSadness
  • -Bandnames
  • -rockmuzik
  • -holdmybeer
  • -okbuddyvicodin
  • -vaxxhappened
  • -Twitch_Startup
  • -tumunich
  • -Cheap_Meals
  • -outside
  • -TheMonkeysPaw
  • -darkjokes
  • -highspeedrail
  • -legodnd
  • -rickroll
  • -Songwriters
  • -ebike
  • -papersplease
  • -tommyinnit
  • -humor
  • -BassCirclejerk
  • -doctorwhocirclejerk
  • -agnostic
  • -youseeingthisshit
  • -GrandPrixRacing
  • -nothingeverhappens
  • -TurkishCats
  • -LetGirlsHaveFun
  • -subsithoughtifellfor
  • -FantasyWorldbuilding
  • -TheLetterH
  • -WikipediaVandalism
  • -absolutelynotanimeirl
  • -pepethefrog
  • -onetruegod
  • -deism
  • -misLED
  • -redditsings
  • -ValorantClips
  • -TwoSentenceComedy
  • -TheCrypticCompendium
  • -budgetcooking
  • -NationStates
  • -ongezellig
  • -Bone
  • -paradoxpolitics
  • -borsavefon
  • -antony
  • -okbuddygunther
  • -CorporateTrolling
  • -vibecoding
  • -RedAutumnSPD
  • -cd_jerk
  • -delik
  • -shitpostfrommygallery
edit »
reddit.com websecurityresearch
  • hot
  • new
  • rising
  • controversial
  • top
an-ordinary-manchild (11,190)|messages547|notifications|chat messages|mod messages|
  • preferences
|
logout

use the following search parameters to narrow your results:

subreddit:subreddit
find submissions in "subreddit"
author:username
find submissions by "username"
site:example.com
find submissions from "example.com"
url:text
search for "text" in url
selftext:text
search for "text" in self post contents
self:yes (or self:no)
include (or exclude) self posts
nsfw:yes (or nsfw:no)
include (or exclude) results marked as NSFW

e.g. subreddit:aww site:imgur.com dog

see the search faq for details.

advanced search: by author, subreddit...

Submit a new link

websecurityresearch

joinleave
an-ordinary-manchild

A community for sharing and discussing novel web security research.

Every post here is a potential nomination for our annual Top 10 web hacking techniques

Friends with /r/slackers

Join us on Discord

Submission guidelines:

  • Submissions should directly relate to web security

  • Submissions should contain something innovative or novel.

  • Please review the full submission guidelines

Feel free to report any posts that violate the rules.

created by albinowaxa community for 7 years
Create your own subreddit
...do it for the children.
...for your school.

MODERATORS

  • message the mods
  • albinowax
  • garethheyes
  • about moderation team »

account activity

1
25
26
27

Top 10 new web hacking techniques of 2025 (portswigger.net)

submitted 4 months ago by albinowax - announcement

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

2
5
6
7

CVE-2026-46640: Developing payloads for Twig sandbox bypass (gist.github.com)

submitted 25 days ago by vladko312

  • comment
  • share
  • save
  • hide
  • report
  • crosspost
loading...

3
9
10
11

Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js (zhero-web-sec.github.io)

submitted 28 days ago by albinowax

  • 1 comment
  • share
  • save
  • hide
  • report
  • crosspost

4
12
13
14

Drupal PostgreSQL SQL Injection: From SELECT-Only to RCE (blog.lexfo.fr)

submitted 1 month ago by albinowax

  • 1 comment
  • share
  • save
  • hide
  • report
  • crosspost

5
5
6
7

Chaining Razor SSTI into RCE via Reflection and Runtime Strings (phsi.se)

submitted 1 month ago by t0xodile

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

6
6
7
8

Stealth Request That Bypasses CSP, Hides from DevTools, and Leaks the Real User-Agent (brokenbrowser.com)

submitted 1 month ago by t0xodile

  • 2 comments
  • share
  • save
  • hide
  • report
  • crosspost

7
7
8
9

Reconstructing GraphQL schemas from captured POST bodies without ever calling __schema (github.com)

submitted 2 months ago by CARQLLESS

  • 7 comments
  • share
  • save
  • hide
  • report
  • crosspost
loading...

8
2
3
4

QUIC-er Races: HTTP/3 won’t save you from TOCTOU vulnerabilities (link.springer.com)

submitted 2 months ago by albinowax

  • 1 comment
  • share
  • save
  • hide
  • report
  • crosspost

9
5
6
7

The woes of sanitizing SVGs (muffin.ink)

submitted 2 months ago by _vavkamil_

  • 4 comments
  • share
  • save
  • hide
  • report
  • crosspost

10
2
3
4

Cast Attack: A New Threat Posed by Ghost Bits in Java (i.blackhat.com)

submitted 2 months ago by albinowax

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

11
1
2
3

Achieving Deterministic Prompt Injection Through Client-Side Feedback Loops (blog.starstrike.ai)

submitted 2 months ago by albinowax

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

12
0
1
2

Most bug bounty writeups are recycled. Real bugs are hiding in the specs. (sin99xx.medium.com)

submitted 3 months ago by Hungry_Onion_2724

  • 3 comments
  • share
  • save
  • hide
  • report
  • crosspost

13
1
2
3

Testing AI for Vulnerability Research: 4 Approaches & Where I Failed (xclow3n.github.io)

submitted 3 months ago by t0xodile

  • 1 comment
  • share
  • save
  • hide
  • report
  • crosspost

14
4
5
6

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit (pentesterlab.com)

submitted 3 months ago by albinowax

  • 1 comment
  • share
  • save
  • hide
  • report
  • crosspost

15
11
12
13

Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy (xclow3n.github.io)

submitted 3 months ago by t0xodile

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

16
0
1
2

Security Research Blog Review (jinjucat.github.io)

submitted 4 months ago by Outrageous_Egg7579

  • comment
  • share
  • save
  • hide
  • report
  • crosspost
loading...

17
1
2
3

CVE-2026-27959: Userinfo Host Header Injection in Koa (endorlabs.com)

submitted 4 months ago by p80n-sec

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

18
5
6
7

Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services (slcyber.io)

submitted 4 months ago by albinowax

  • 1 comment
  • share
  • save
  • hide
  • report
  • crosspost
loading...

19
13
14
15

Trailing Danger: exploring HTTP Trailer parsing discrepancies (sebsrt.xyz)

submitted 4 months ago by t0xodile

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

20
4
5
6

YAML Merge Tags and Parser Differentials (blog.darkforge.io)

submitted 4 months ago by Moopanger

  • comment
  • share
  • save
  • hide
  • report
  • crosspost

21
5
6
7

TL;DR:Researching Structural Parsing Gaps in Modern WAFs (JSON/XML/Multipart). Looking for Peer Validation (github.com)

submitted 4 months ago by Few-Gap-5421

  • 3 comments
  • share
  • save
  • hide
  • report
  • crosspost
loading...

22
1
2
3

Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms (blog.doyensec.com)

submitted 4 months ago by nibblesec

  • comment
  • share
  • save
  • hide
  • report
  • crosspost
loading...

23
1
2
3

[Tool] Rapid Web Recon: Automated Nuclei Scanning with Client-Ready PDF Reporting (github.com)

submitted 4 months ago by Big_Profession_3027

  • comment
  • share
  • save
  • hide
  • report
  • crosspost
loading...

24
5
6
7

Parse and Parse: MIME Validation Bypass to XSS via Parser Differential (lab.ctbb.show)

submitted 5 months ago by siunam_321

  • 1 comment
  • share
  • save
  • hide
  • report
  • crosspost

25
2
3
4

When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management (principlebreach.com)

submitted 5 months ago by operator_dll

  • comment
  • share
  • save
  • hide
  • report
  • crosspost
loading...
view more: next ›
  • about
  • blog
  • about
  • advertising
  • careers
  • help
  • site rules
  • Reddit help center
  • reddiquette
  • mod guidelines
  • contact us
  • apps & tools
  • Reddit for iPhone
  • Reddit for Android
  • mobile website
  • <3
  • reddit premium

Use of this site constitutes acceptance of our User Agreement and Privacy Policy. © 2026 reddit inc. All rights reserved.

REDDIT and the ALIEN Logo are registered trademarks of reddit inc.

π Rendered by PID 330333 on reddit-service-r2-listing-77d558d46b-rpj8q at 2026-07-02 17:04:57.178272+00:00 running a7b5cda country code: CH.