BigTree CMS - XSS Vulnerability in Version 4.4.7 - 2020

New Year, New Updates 🎆🎉 - End of Year Zero

The beginning of something great.

[CVE-2019-19466] SCEditor - XSS Vulnerability in Version 2.1.3 - Third month

We have raised enough stationaries for a class! 📝 - Second month

We raised enough funds to buy a school bag! 🎒 - First Month

We raised enough funds to buy a pen! 🖊️ - Making The World Better With Technology

"Leave the world better than you found it"

List Comprehension(Python) Addiction

return ["addiction" for i in range(10)]

Keeping Your Web Application Alive

Ah, ha, ha, ha, stayin' alive, stayin' alive

SQLmap Commands: A Tutorial on SQLmap With Examples (Updated 2019)

Select * from table where read_post = '' or 1=1--'

Unorthodox SQLi Prevention

Discovered an interesting way of preventing SQL injection during a source code review.

Persistent XSS Leading To Financial Lost (Hypothetical Scenario)

A completely hypothetical scenario I came up with when learning about digital marketing.

Tmux Tutorial: An Easy Guide with Screenshots and Examples (2018 Update)

There were many times I wished I could run a script on a VPS without staying connected to the instance via SSH. You could use Tmux to achieve this.

[CVE-2018-12030] Chevereto Free - XSS Vulnerability in Version 1.0.12

HIBP's Pwned Passwords API Usage

Data breaches happen all the time. Let's check for compromised credentials in style!

NUS Orbital Journey

Solving a problem that affects writers and publishers by creating a marketplace to bridge the connection.

[CVE-2017-17902] Kliqqi CMS - SQL Injection Vulnerability in Version 3.5.2

[CVE-2017-17889] Kliqqi CMS - XSS Vulnerability in Version 3.5.2

Domain Privacy: Exposing Personal Information Unknowingly

T-Mobile Austria - A Case Study on Bad Password Management

tldr; Don't store your passwords in plain text, and educate your non-tech employees on approaches to addressing sensitive topics.

Cross-Site Scripting (XSS)

I get pleasure from alert/confirm/prompt boxes. So take my pleasure away by ensuring proper sanitization.

Static Web Page: Using Hugo, Gitlab, CloudFlare and

In this post, I will discuss the different considerations made before converting this blog to a static blog while maintaining the speed and security aspect.

Cloudflare Review: A Comprehensive Guide

I love free stuff, free is good. Cloudflare's freemium model is beneficial to all parties. Read on to find out what benefits you can get for free!

When To Report a Security Bug

I submitted 2 security reports for an application meant for a single user 🤦 fml.

What Should a Lay Person Know About Cybersecurity?

The first step to being a l33t [email protected] Just kidding.

[CVE-2016-9891] Dotclear – XSS Vulnerability in Version 2.10.4

[CVE-2016-9681] Serendipity CMS – XSS Vulnerability in Version 2.0.4

prismjs CDN: Implementation of Syntax Highlighting in Ghost CMS

Abusing Formspree

Website Considerations: Guide on Setting up a Website

Bypass IP address filter using SSH forwarding

Web Worker Tutorial: A Guide in Using HTML5 Web Workers

How to Test for CSRF Vulnerability

I was asked "what is CSRF?" during my first internship interview. I couldn't answer so I hope you could.

[CVE-2015-2289] Serendipity CMS – XSS Vulnerability in Version 2.0

[CVE-2015-2082] UNIT4 Prosoft HRMS XSS Vulnerability

BEdita CMS – XSS and CSRF Vulnerability in Version 3.5.0

[CVE-2015-1583] ATutor LCMS – CSRF Vulnerability in Version 2.2