Cross-Site Scripting (XSS) – The Bug Bounty Guide

XSS stands for Cross-Site Scripting, which is one of the attack types on websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input parameters. They provide a wonderful platform where you can perform exercises on how XSS works. Level – 1: The first

Fixing VMware “Fit Guest Now” Feature in Kali-linux: Solved

Recently, while upgrading my virtual machine, I stumbled upon a greyed-out Fit Guest Now option. This is pretty exhausting as it only shows the console window but not the full Guest view. I took the following steps to make vmtools work again so I can get Fit Guest Now again: I uninstalled my VMware tools

Pubg Stuck on Loading Screen and Ping Error Solutions Android

Pubg (PlayerUnknown’s Battlegrounds) is being played worldwide now. So many users is proportional to so many errors. I have been playing Pubg for about a week now and faced the following problems: 1. The selected server may have higher ping. 2. After clicking on Start, the game keeps loading and the player’s arena doesn’t come

HackTheBox Node:1 Vulnhub CTF Walkthrough

Node CTF is available at: https://www.vulnhub.com/entry/node-1,252/ This vulnerable machine, Node, is based on new technologies and how we can hack into them. It uses Node Express server, JSON and Hadoop. There are many ways to hack into the machine; here is my way. Let’s dive into the machine: If you are having problems with setting

SQL Injection on Base64 Encoded String Parameters

This article is a guide to performing SQL Injection on Base64-encoded URL parameters. These parameters are encoded so as to make the site injection-proof, but that is a big myth. Recently I came across URLs of this kind: “www.somesite.com/index.php?pid=VkRGRk9WQlJQVDA9”. The pid here is “VkRGRk9WQlJQVDA9”. It is nothing but a base64 string encoded 4 times,

OVERTHEWIRE NATAS SERIES: 24 – 25 LEVEL Walkthrough

The OverTheWire Natas 25 level is based on a strcmp() function vulnerability. Generally, strcmp() is used to compare two strings. We need to generate some kind of error here so we can obtain the password for the next level. The code for the level is here: So, I tried a lot of ways to generate error
