Search results

  1. Telegram WebApp: User Impersonation via initData

    Telegram WebApp uses a non-standard authentication model. The backend does not manage sessions directly and does not issue tokens. Instead, user identification is often derived from data sent by the client. When this data is...
  2. Advanced XSS

  3. Advanced IDOR — Part 2

  4. Advanced IDOR Part 1

  5. Website Hacking: Broken Access Control & IDOR

  6. Website Hacking: XSS & SQL Injection

    This thread covers two classic but still highly relevant web vulnerabilities: Cross-Site Scripting (XSS) and SQL Injection (SQLi). Despite being well-known, both issues are still widely present in real-world applications — especially in legacy code, custom...