WDIR
Good resources about web security that I have read.
Install / Use
/learn @gkhan496/WDIRREADME
23.07.2023
https://blog.doyensec.com/2023/07/18/streamlining-websocket-pentesting-with-wsrepl.html
Github
Blog-Posts & Write-ups
CVE-2020-13379-Write-Up/Unauthenticated SSRF on Grafana
How I exploit the JSON CSRF with method override technique
Multiple Ways to Exploiting PUT Method
Arbitrary code execution on Facebook for Android through download feature
WRITE UP – GOOGLE BUG BOUNTY: XSS TO CLOUD SHELL INSTANCE TAKEOVER (RCE AS ROOT) – $5,000 USD
CVE-2020-16171: Exploiting Acronis Cyber Backup for Fun and Emails
The Powerful HTTP Request Smuggling 💪
Forcing Firefox to Execute XSS Payloads during 302 Redirects
Active Content Injection with SVG Files
Open redirect to a complete account takeover
Finding Hidden Files and Folders on IIS using BigQuery
We Hacked Apple for 3 Months: Here’s What We Found
NGINX may be protecting your applications from traversal attacks without you even knowing
Exploring SSTI In Flask/Jinja2
Exploring SSTI In Flask/Jinja2 Part II
Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call
BugPoc LFI challenge Walkthrough
S2–016 (Apache Struts) Remote Code Execution Vulnerability
A Glossary of Blind SSRF Chains
Your Full Map To Github Recon And Leaks Exposure
Pentesting PostgreSQL with SQL Injections
Breaking GitHub Private Pages for $35k
Discovering GraphQL endpoints and SQLi vulnerabilities
GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425)
GHSL-2021-050: Unauthenticated abritrary file read in Jellyfin - CVE-2021-21402
http2smugl: HTTP2 request smuggling security testing tool
I Built a TV That Plays All of Your Private YouTube Videos
Facebook account takeover due to a bypass of allowed callback URLs in the OAuth flow
Facebook account takeover due to a wide platform bug in ajaxpipe responses
Regexploit: DoS-able Regular Expressions
Jackson Polymorphic Deserialization
DNS Based Out of Band Blind SQL injection in Oracle — Dumping data
Out-of-Band (OOB) SQL Injection
ExifTool CVE-2021-22204 - Arbitrary Code Execution
A tale of solving all the recent XSS challenges using chrome 1-day
Just Gopher It: Escalating a Blind SSRF to RCE for $15k
Angular And AngularJS For Pentesters - Part 1
Angular And AngularJS For Pentesters - Part 2
Web App Pen Testing in an Angular Context
Intro to the Content Security Policy (CSP)
Burp Suite Extensions: Rarely Utilized but Quite Useful
Burp Suite extensions that should get your attention!
SSRF in PDF Renderer using SVG
From Git Folder Disclosure to Remote Code Execution
XSS via postMessage in chat.mozilla.org
Arbitrary code execution on Facebook for Android through download feature
SSTI/Exploiting Go's template engine to get xss
Method Confusion In Go SSTIs Lead To File Read And RCE.
Finding and Exploiting Unintended Functionality in Main Web App APIs
Server Side Template Injection – on the example of Pebble
Handlebars template injection and RCE in a Shopify app
Hacking the Hackers: Leveraging an SSRF in HackerTarget
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
Hackerone Reports
Insufficient validation on Digits bridge
Arbitrary code execution in desktop client via OpenSSL config
Cross-account stored XSS at embedded charts
DOM XSS on duckduckgo.com search
Ability to generate shipping labels in another store orders
Full Read SSRF on Gitlab's Internal Grafana
Private list members disclosure via GraphQL
Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com
Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation
Open Redirect Leads to Account Takeover
Takeover an account that doesn't have a Shopify ID and more
HackerOne Jira integration plugin Leaked JWT to unauthorized jira users
Authorization Token on PlayStation Network Leaks via postMessage function
Access Token Smuggling from my.playstation.com via Referer Header
[SSRF vulnerabl
Security Score
Audited on Aug 19, 2025