Write ups by Hazana

    hazaña (ah-sah-nyah) - Noun 1.(achievement) a.feat b.exploit

    Bypassing Samesite Cookie Restrictions with Method Override

    Neat Samesite Bypass Trick

    Posted on July 30, 2023

    Tags: Samesite Cookie Bug Bounty Bypass

    Finding Unblocked Vectors for XSS

    Level up your XSS Game

    Posted on July 28, 2022

    When you have that feeling an input is vulnerable to XSS but something is blocking or removing the payload, you can use this relatively simple trick using Burp Suite’s Intruder to discover which XSS tags and attributes are able to bypass the block.
    Tags: XSS Bug Bounty Bypass

    Dorking on Steroids

    Dorking at scale

    Posted on March 11, 2021

    It’s common knowledge that Google dorking is a powerful tool for finding just about anything on targets. Furthermore, it’s extra nice that Google has done the majority of the hard work for us; we just have to know how to search for it.
    Tags: google dorking dork Bug Bounty

    Escalating reflected XSS with HTTP Smuggling

    Increase impact of XSS

    Posted on February 11, 2021

    This vulnerability was found on a private programme, therefore parts have been redacted.
    Tags: HTTP Smuggling XSS Bug Bounty

    Cors Blimey

    The power of chaining CORS

    Posted on January 28, 2021

    This vulnerability was found on a private programme, therefore parts have been redacted.
    Tags: CORS XSS Bug Bounty

    Hazana  •  2023