Recent content by KloudFish

K
Telegram WebApp: User Impersonation via initData

Website Hacking Telegram WebApp: User Impersonation via initData Telegram WebApp uses a non-standard authentication model. The backend does not manage sessions directly and does not issue tokens. Instead, user identification is often derived from data sent by the client. When this data is...
- KloudFish
- Thread
- Jan 14, 2026
- Replies: 7
- Forum: Hacking
K
Advanced XSS

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***
- KloudFish
- Thread
- Jan 3, 2026
- Replies: 6
- Forum: Hacking
K
Advanced IDOR — Part 2

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***
- KloudFish
- Thread
- Jan 1, 2026
- Replies: 6
- Forum: Hacking
K
Advanced IDOR Part 1

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***
- KloudFish
- Thread
- Dec 31, 2025
- Replies: 7
- Forum: Hacking
K
Website Hacking: Broken Access Control & IDOR

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***
- KloudFish
- Thread
- Dec 30, 2025
- Replies: 20
- Forum: Hacking
K
APPLE PAY CASHOUT METHOD

Gg
- KloudFish
- Post #134
- Dec 29, 2025
- Forum: Apple Pay and Google Pay
K
Website Hacking: XSS & SQL Injection

Website Hacking: XSS & SQL Injection This thread covers two classic but still highly relevant web vulnerabilities: Cross-Site Scripting (XSS) and SQL Injection (SQLi). Despite being well-known, both issues are still widely present in real-world applications — especially in legacy code, custom...
- KloudFish
- Thread
- Dec 29, 2025
- Replies: 6
- Forum: Hacking

Recent content by KloudFish

Telegram WebApp: User Impersonation via initData

Advanced XSS

Advanced IDOR — Part 2

Advanced IDOR Part 1

Website Hacking: Broken Access Control & IDOR

APPLE PAY CASHOUT METHOD

Website Hacking: XSS & SQL Injection