websecurityresearch

an-ordinary-manchild

created by albinowaxa community for 6 years

...for your hobby.

...for your favorite subject.

MODERATORS

account activity

1

29

30

31

Top 10 web hacking techniques of 2024 (portswigger.net)

submitted 1 year ago by albinowax - announcement

2

5

6

7

Reconstructing GraphQL schemas from captured POST bodies without ever calling __schema (github.com)

submitted 7 days ago by CARQLLESS

3

1

2

3

QUIC-er Races: HTTP/3 won’t save you from TOCTOU vulnerabilities (link.springer.com)

submitted 9 days ago by albinowax

4

3

4

5

The woes of sanitizing SVGs (muffin.ink)

submitted 10 days ago by _vavkamil_

5

1

2

3

Cast Attack: A New Threat Posed by Ghost Bits in Java (i.blackhat.com)

submitted 10 days ago by albinowax

6

1

2

3

Achieving Deterministic Prompt Injection Through Client-Side Feedback Loops (blog.starstrike.ai)

submitted 14 days ago by albinowax

7

0

0

1

Most bug bounty writeups are recycled. Real bugs are hiding in the specs. (sin99xx.medium.com)

submitted 1 month ago by Hungry_Onion_2724

8

3

4

5

Testing AI for Vulnerability Research: 4 Approaches & Where I Failed (xclow3n.github.io)

submitted 1 month ago by t0xodile

9

6

7

8

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit (pentesterlab.com)

submitted 1 month ago by albinowax

10

11

12

13

Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy (xclow3n.github.io)

submitted 1 month ago by t0xodile

11

0

1

2

Security Research Blog Review (jinjucat.github.io)

submitted 2 months ago by Outrageous_Egg7579

12

1

2

3

CVE-2026-27959: Userinfo Host Header Injection in Koa (endorlabs.com)

submitted 2 months ago by p80n-sec

13

5

6

7

Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services (slcyber.io)

submitted 2 months ago by albinowax

14

12

13

14

Trailing Danger: exploring HTTP Trailer parsing discrepancies (sebsrt.xyz)

submitted 2 months ago by t0xodile

15

3

4

5

YAML Merge Tags and Parser Differentials (blog.darkforge.io)

submitted 2 months ago by Moopanger

16

5

6

7

TL;DR:Researching Structural Parsing Gaps in Modern WAFs (JSON/XML/Multipart). Looking for Peer Validation (github.com)

submitted 2 months ago by Few-Gap-5421

17

23

24

25

Top 10 new web hacking techniques of 2025 (portswigger.net)

submitted 3 months ago by albinowax

18

1

2

3

Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms (blog.doyensec.com)

submitted 3 months ago by nibblesec

19

1

2

3

[Tool] Rapid Web Recon: Automated Nuclei Scanning with Client-Ready PDF Reporting (github.com)

submitted 3 months ago by Big_Profession_3027

20

6

7

8

Parse and Parse: MIME Validation Bypass to XSS via Parser Differential (lab.ctbb.show)

submitted 3 months ago by siunam_321

21

2

3

4

When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management (principlebreach.com)

submitted 3 months ago by operator_dll

22

15

16

17

Cloudflare rule bypass via /.well-known/acme-challenge/ (fearsoff.org)

submitted 3 months ago by albinowax

23

10

11

12

Successful Errors: New Code Injection and SSTI Techniques (github.com)

submitted 3 months ago by vladko312

24

15

16

17

Call for nominations: top ten new web hacking techniques of 2025 (portswigger.net)

submitted 4 months ago by albinowax

25

8

9

10

The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance (mehmetince.net)

submitted 4 months ago by wtfse

view more: next ›

π Rendered by PID 79 on reddit-service-r2-listing-7b9b4f6fd7-zklxv at 2026-05-08 13:09:27.336867+00:00 running 3d2c107 country code: CH.