Categoría: writeups

CSRF where token is tied to non-session cookie

CSRF where token is not tied to user session

Blind SQL injection with out-of-band data exfiltration

Blind SQL injection with out-of-band interaction

Blind SQL injection with time delays and information retrieval

Blind SQL injection with time delays

Username enumeration via subtly different responses

Password reset broken logic

2FA simple bypass

Username enumeration via different responses