Vaibhav Kumar Srivastava
Browser Extension Security Testing: Part 1
A browser extension, also known as a browser add-on or plugin, is a small software program that extends the functionality of a web browser…
4 min read · Apr 23, 2024

Vaibhav Kumar Srivastava
Citrix Bleed: CVE-2023-4966
CVE-2023-4966, another vulnerability associated with Citrix, presents a significant concern. This sensitive information disclosure…
3 min read · Oct 28, 2023

Vaibhav Kumar Srivastava
CVE-2023-32315: Administration Console authentication bypass
Openfire is an open-source XMPP (Extensible Messaging and Presence Protocol) server that enables real-time communication through instant…
3 min read · Jul 29, 2023

Vaibhav Kumar Srivastava
Citrix Gateway XSS & Open Redirection (CVE-2023-24488)
Hello, everyone! The Citrix Gateway CVE has been in the news a lot over the last few weeks. Let’s explore how one can identify the…
2 min read · Jul 27, 2023

Vaibhav Kumar Srivastava
The Cost of Neglect: HTML Injection
I understand that you have already read several blogs on HTML injection, but this one is not solely focused on HTML injection. Instead, it…
2 min read · May 15, 2023

Vaibhav Kumar Srivastava
Account Takeover (Insecure Design + Response manipulation)
Hey Everyone! Let’s learn something new as it is going to be fun learning today.
3 min read · Jan 30, 2023

Vaibhav Kumar Srivastava
PSScriptAnalyzer: SAST Tool for PowerShell Script
PowerShell Script Analyzer, also known as PSScriptAnalyzer, is a static code analysis tool (SAST tool), which examines the PowerShell…
3 min read · Oct 7, 2022

Vaibhav Kumar Srivastava
Bypassing Cloudflare WAF with Host header manipulation
Hey Folks! Thanks for your responses on my last blog. Let’s learn something new today as it is going to be a damn interesting one.
3 min read · Jun 26, 2022

Vaibhav Kumar Srivastava
Account Takeover by OTP bypass
Hey everyone! This bypass is a little bit interesting and you will get to learn a lot hopefully.
3 min read · Jun 19, 2022

Vaibhav Kumar Srivastava
Frauds on Instagram (Part 1)
I would love to call them Frauds instead of hackers because they are using cheap social engineering tricks to manipulate naïve people and…
4 min read · Jun 18, 2022