As a web penetration tester, I utilized my skills to exploit vulnerabilities on the FastFood-Hacking website, successfully identifying and exploiting Open Redirect and Local File Inclusion (LFI) vulnerabilities.@ireteeh @jay_hunts @akintunero @cyb3rf034r3ss @RedHatPentester

✅ 03:45:37 hrs manual hunting .✅ 00:00:00 hrs Learning.Vulnerabilities reported:.CSRF ✅.PII disclosure✅. Onward to the next challenge. 🐞

RT @ChelseaFC: CHAMPIONS OF THE WORLD.

RT @damnGruz: bro will replace AI

✅ 03:45:37 hrs manual hunting .✅ 02:23:26 hrs Learning.Vulnerability in search:. Cross site scripting (xss) ✅.CSRF .❌ Bug reported.#xss. Onward to the next challenge. 🐞.@ireteeh @40sp3l @Dghost_Ninja @RedHatPentester @h4ruk7

Good night 😣😫

It's time to learn from the day 🤓

RT @mrR0bust: Video on how I solved the @PortSwigger Web Security Academy Lab: Exploiting HTTP REQUEST SMUGGLING to perform web cache poiso….

RT @commando_skiipz: Vulnerable Bank is Now Live! 🚀. I'm excited to announce that VulnBank is officially live and accessible at https://t.c….

RT @mrR0bust: Solved an Expert Lab on @PortSwigger by exploiting #HTTP request smuggling to perform web cache poisoning. It is one thing….

RT @asher_kine: always seize the good weather. ❤️

ready-to-test CSRF POC HTML exploit ✅

CSRF where token is tied to non-session cookies 🍪.New video tomorrow ✅

I’m currently learning CSRF. What vulnerability are you working on?

When you see this logo, what comes to your mind?

RT @Dghost_Ninja: Guys! Finally done with the tool. It's an API discovery tool that intercepts, crawls and records API endpoints as you man….

👀

@40sp3l @Dghost_Ninja @elormkdaniel @h4ruk7 @ireteeh @RedHatPentester.

I just dropped a practical demo on exploiting CSRF when tokens aren’t tied to user sessions. 👇 Comment, share, and follow me on YouTube for more real-world web exploitation content. #CyberSecurity #CSRF #BugBounty #WebHacking.

The request was accepted, confirming that the token was not tied to the session. 4️⃣ I created and hosted a proof-of-concept exploit on my exploit server, which successfully changed the victim’s email address when they visited the page while logged in.