835 subscribers
69 videos
Harvest urls from wayback and using with Eyewitness
Self reflect XSS on the portswigger web security academy JWT lab
ffuf + raw request + Burp Suite
Aero Photo/Video
RCE with Burp Suite intruder + Regex
jaeles plugin for burp suite
Detect file path traversal by Burp Suite intruder + regex
jaeles and XSS signature (How to use jaeles)
GraphQL - OS Command injection
CRLF Injection with Burp Bounty for Burp Suite
JWT attack - Exploiting JKU Header injection
JWT Attack - Signature is not checked
Directory Listing - Active scan
File path traversal ffuf + regex
Login page Brute Force with ffuf
Common Files
s3 Bucket Takeover by me
crlf injection on
XSS from jpg with Amazon S3 Bucket
JWT Attack - Weak Key - Secret Brute force with Hashcat
JWT Attack - Exploiting X5C Header
Dom XSS1
JWT Attack - Secret Brute force with Hashcat
JWT Attack - Exploiting X5U Header injection
GraphQL - Chain Introspection with SQLi
Dom XSS2
JWT Attack - JWK - JSON Web Key injection
Reflect XSS with Content-Type: text/xml
Reflect XSS 1
Chain File Upload with XSS
Check Time based SQLi
ჯვრის ტბა
From CRLF to XSS on