ProfessorXSS | [Critical] — CrushFTP Virtual Filesystem Escape Vulnerability | On April 19, 2024, CrushFTP reported a vulnerability in their FTP software where a virtual file system escape could enable users to… | 3 min read · Apr 28, 2024
ProfessorXSS | XSS via Chat bot — Cloudflare Bypassed 😉 | In this article we will see how I was able to execute an XSS payload via a chatbot | 3 min read · Jan 13, 2023
ProfessorXSS | Easy Stored XSS Worth Letter of Appreciation from GUVI 💪 💪 | In my previous article, I explained the Cloudflare WAF bypass with a simple payload. In this article, I used the same payload to bypass the… | 3 min read · Jan 12, 2023
ProfessorXSS | Blind SSRF → PHP-Info() Disclosure | Hello Folks, in this article let’s see how I got the PHP Info file disclosed via Blind SSRF. | 3 min read · Dec 26, 2022
ProfessorXSS | Reflected XSS — CloudFlare WAF Bypass 😉 | Sometimes simple payloads help to bypass the WAF filter. | 3 min read · Dec 13, 2022
ProfessorXSS | IDOR allows me to Download everyone's Marks Card from my university website 🔥🔥🔥🔥 | I already explained in my previous article → IDOR is everywhere. | 3 min read · Dec 12, 2022
ProfessorXSS | Application DDOS due to Improper Character Limitation 🔥🔥 | If a developer doesn’t enforce the character limit on the user-supplied field, it may bring the application server down, due to the unhandled… | 5 min read · Dec 3, 2022
ProfessorXSS | IDOR is Everywhere 😁 You need to find them | Privilege Escalation, IDOR, and Access Control bugs are my favorite nowadays, I found them everywhere 🤷♂️ | 4 min read · Nov 28, 2022
ProfessorXSS | You Can Break the Developer's Logic Easily 🤫 A 10th-Class Bug | Yes, true! I don’t know why developers make these kinds of mistakes while writing code 🤷♂️ anyone who analyses the flow can break… | 2 min read · Nov 20, 2022
ProfessorXSS | One Easy Account Takeover 😉 | Just replaced my email ID with the victim's email ID and Boom!! | 3 min read · Nov 17, 2022