Amal PK
0xkratos.bsky.social
Cyber Security Researcher | CTF Player | VAPT
Reposted by Amal PK
🏖️🐻 Free Software of the Summer, day 32:

Vulhub: an open source project offering pre-built vulnerable environments based on Docker-Compose. Ideal for testing and learning vulnerability management; each environment includes an installation and usage guide.
July 22, 2025 at 7:30 PM
Reposted by Amal PK
🔗 Useful Vulhub links:

👉 The project: github.com/vulhub/vu...
👉 Learn more: https://vulhub.org/

Sponsor Vulhub ❤️: github.com/sponsors/...
July 22, 2025 at 7:30 PM
Reposted by Amal PK
Most open redirects are low-severity or N/A.

But used creatively, they can become high impact gadgets.

Here are 4 ways to show impact with open redirects:
July 7, 2025 at 9:37 AM
Wrote a blog on Host header injection and how we can use this to manipulate the forgot-password link.

blog.amalpk.in/host-header-...

#cybersecurity #bugbounty #bug #web #vapt #hacking
Host Header Injection: How One Header Can Break Your Web App
Discover how Host Header Injection works, its risks, real-world attack examples, and steps to secure your web applications from this hidden threat.
blog.amalpk.in
July 5, 2025 at 3:23 AM
NoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database.

Read my new Blog here:
blog.amalpk.in/nosql-inject...
NoSQL injection
NoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database
blog.amalpk.in
May 17, 2025 at 10:21 AM
Reposted by Amal PK
We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer.

portswigger.net/research/sha...
February 20, 2025 at 1:24 PM
Client-Side Path Traversal (CSPT): The Overlooked Vulnerability.

Read more about this on my new blog: 0xkratos.medium.com/client-side-...

#cybersecurity #bugbounty #hacking
Client Side Path Traversal (CSPT) - A Deep Dive into an Overlooked Vulnerability
Exploring Client-Side Path Traversal (CSPT): How Attackers Exploit API Requests to Bypass Security and Exfiltrate Data
0xkratos.medium.com
March 11, 2025 at 11:51 AM
Reposted by Amal PK
This article on Solr and its (in)security is really good 💎

And I strongly recommend reading @hacefresko.com's previous article on Solr before diving into this one (I will share the link in my reply)
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it! :)

www.hacefresko.com/posts/rce-on...
A very fancy way to obtain RCE on a Solr server
www.hacefresko.com
March 7, 2025 at 8:32 PM
Reposted by Amal PK
🛠️ waymore: Tip #1 📝

By default, waymore will get URLs and download responses (-mode B).
If you just want URLs, then use "-mode U".
If you just want to download archived responses, then use "-mode R".

🤘
March 9, 2025 at 11:18 PM
Reposted by Amal PK
Yesterday I discovered a tweet of mine was referenced in the book "Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation"

www.amazon.nl/-/en/Simone-...

Since I deleted my account, this is the tweet:
February 12, 2025 at 8:19 AM
Reposted by Amal PK
made an archive collection site thing for all the x3ctf web design stuff i did

the intro/outro can be rewatched with websocket replay data (eg the messages and synced mouse cursors)

and the platform itself has emulations for auth and flags and stuff

u can check it out at x3c.tf/archive/
February 9, 2025 at 10:00 PM
Reposted by Amal PK
Discover blocklist bypasses via unicode overflows using the latest updates to ActiveScan++, Hackvertor & Shazzer! Thanks to Ryan Barnett and Neh Patel for sharing this technique.

portswigger.net/research/byp...
January 28, 2025 at 2:01 PM
Reposted by Amal PK
Is there a way to run alert() when "alert" is blocked by a WAF and unsafe-eval is not allowed?
January 27, 2025 at 2:35 PM
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability!

A critical vulnerability in Windows Object Linking and Embedding (OLE) technology, which enables remote code execution (RCE) with a CVSS severity score of 9.8.

Read more: 0xkrat0s.github.io/posts/CVE-20...
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
Overview: CVE-2025-21298 is a critical vulnerability in Windows Object Linking and Embedding (OLE) technology, which enables remote code execution (RCE) with a CVSS severity score of 9.8. OLE is a prop...
0xkrat0s.github.io
January 27, 2025 at 7:07 AM
A good old trick for bypassing WAF/filters while testing for command injection using shell globbing / wildcard expansion.

Read More: 0xkrat0s.github.io/posts/Shell-...

#bash #waf #bypass #bugbounty #cybersecurity
Bypassing Web Application Firewalls with Shell Globbing
Introduction: Web Application Firewalls (WAFs) are a critical line of defense for modern web applications, meticulously inspecting incoming traff...
0xkrat0s.github.io
January 26, 2025 at 9:33 AM
Suggest me some topics for my blog!

Link: 0xKrat0s.github.io

#bugbounty #infosec #cybersecurity #bug #hacking #tech
Amal PK
A blog about everything.
0xKrat0s.github.io
January 25, 2025 at 10:04 PM
Reposted by Amal PK
First blog post of the new year and this is one I've been meaning to write up for a while which is some details on #Kubernetes API Server proxy feature and how it might be possible to use some known weaknesses in it to escalate your privileges in a cluster.

raesene.github.io/blog/2025/01...
Exploring the Kubernetes API Server Proxy
raesene.github.io
January 18, 2025 at 12:54 PM
The Simpsons 'Prediction' !
Internet Blackout On January 16, 2025?

:(
January 15, 2025 at 6:54 PM
Reposted by Amal PK
Just published a new blog post "Exploring Javascript events & Bypassing WAFs via character normalization", check it out: 0x999.net/blog/explori...
0x999's Blog - Exploring Javascript events & Bypassing WAFs via character normalization
0x999.net
November 18, 2024 at 6:07 PM
Reposted by Amal PK
To summarize what I have learned about Mutation XSS, my CVE, and the solution to my challenge, I wrote a post going through it all.
If you like regular XSS, this is a whole new world of crazy techniques and many sanitizer bypasses. You too can learn this!
jorianwoltjer.com/blog/p/hacki...
Post: Mutation XSS: Explained, CVE and Challenge | Jorian Woltjer
Learn how to bypass HTML sanitizers by abusing the intricate parsing rules and mutations. Including my CVE-2024-52595 (lxml_html_clean bypass) and the solution to a hard challenge I shared online
jorianwoltjer.com
November 27, 2024 at 4:01 PM