Dont just sanitize but also escape – A fable of sanitize_text_field

The post talks about an interesting find of XSS even when the filter was used. It also covers the mistakes that a developer makes while sanitizing input.

4 Comments

May 21, 2021

HackTheBox / Information Security / linux / python

Doctor hackthebox walkthrough

Doctor is an easy linux machine from hackthebox. The initial foothold exploits SSTI/XSS and with splunkd you get the privilege escalation

0 Comments

January 12, 2021

Information Security

How to setup DVWA on kali linux

Setup you own lab to practice owasp top 10 using DVWA

0 Comments

April 27, 2020