Hello, I’m 0x_karim from Morocco, passionate about cybersecurity, particularly in discovering vulnerabilities in websites and applications. I enjoy analyzing systems, identifying weaknesses, and working on improving their security. I’m always eager to enhance my skills through continuous learning and participating in cybersecurity challenges. I believe in contributing to making the digital space safer for everyone.😊
Before we begin, this is a private program, so let’s give it a name: target.com
The first step was to gather all the JavaScript file names.

I entered the file names that were collected into ChatGPT and asked it to create 100 new JavaScript files in the same format that the website follows.

I performed fuzzing on all the JavaScript input points on the website, and one file worked for me: /js/test-test.js → this is an alias.

Starting to analyze the JavaScript file, I found an endpoint leaking information on the user -> https://target.com/test/test

I tried many vulnerabilities on this endpoint, but it appears to be well-secured. However, after testing “web cache deception”, it turned out to be vulnerable, as it stores user information if “/hack.css” is added → https://target.com/test/test/hack.css. The victim's information will be stored on “/hacker.css”, so that if the attacker opens https://target.com/test/test/hack.css he will be able to steal the victim's data.
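A defender can catch this class of issue by auditing proxy or CDN logs for responses whose URL ends in a static extension but whose body is not that static type. The check below is an added example, not code from the original write-up; the record fields, the `HIT`/`MISS` cache status values, the response content types and the sample records are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Media types a shared cache may legitimately hold for each static extension.
STATIC_TYPES = {
    ".css": {"text/css"},
    ".js": {"application/javascript", "text/javascript"},
    ".png": {"image/png"},
}

def forbids_shared_caching(cache_control):
    """True if Cache-Control contains no-store or private."""
    directives = {d.strip().lower().split("=")[0] for d in cache_control.split(",")}
    return bool(directives & {"no-store", "private"})

def deception_risk(url, content_type, cache_control, cache_status):
    """Return a reason string for a suspicious response, or None."""
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    if ext not in STATIC_TYPES:
        return None                      # extension-based cache rule does not apply
    media = content_type.split(";")[0].strip().lower()
    if media in STATIC_TYPES[ext]:
        return None                      # body really is the static type the URL claims
    if cache_status.upper() == "HIT":
        return "dynamic body served from cache"
    if not forbids_shared_caching(cache_control):
        return "dynamic body lacks no-store/private"
    return None

# Constructed sample records: (url, Content-Type, Cache-Control, cache status).
SAMPLE = [
    ("https://target.com/test/test/hack.css", "application/json", "", "HIT"),
    ("https://target.com/static/site.css", "text/css", "public, max-age=3600", "HIT"),
    ("https://target.com/test/test/hack.css", "application/json", "no-store, private", "MISS"),
    ("https://target.com/test/test", "application/json", "", "MISS"),
    ("https://target.com/js/app.js", "text/html; charset=utf-8", "max-age=60", "MISS"),
]

def audit(records):
    """Return (url, reason) for every record that deception_risk flags."""
    findings = []
    for url, ctype, cc, status in records:
        reason = deception_risk(url, ctype, cc, status)
        if reason:
            findings.append((url, reason))
    return findings

if __name__ == "__main__":
    for url, reason in audit(SAMPLE):
        print(url, "->", reason)
```

The third sample record shows the mitigated state: the origin marks the user-data response `no-store, private`, so the suffixed URL is not flagged.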