Image Credit https://github.com/dcurtis/markdown-mark
This post outlines my experience with markdown & how its integrated in my workflow. This is specially useful if you are starting with markdown and / or want to see how others use markdown. For someone who doesn’t know what’s markdown this could be a simpler path to get the right direction.
Markdown for uninitiated is a plain text formatting syntax. Read more details here
This post is about a vulnerability disclosure around DOM XSS which as forgotten somewhere during the process and i encountered it recently and then went on my way to get it fixed. This post outlines various learnings and observations i made during this effort.
This post discusses WordPress Comment XSS affecting version 4.2 or below. I have outlined the internal working of this specific XSS.
This post outlines my efforts to bring in markdown focused workflow for creating presentations. The tool allows setting up automated workflow leveraging markdown and Reveal.js.
This post outlines my new tool which allows users to clone entire set of public repositories of a specific user or organization. This can also be used to create a backup of all repositories.
This post outlines my experiments when i found a .git folder was publicly exposed during one of the pentests and realized all known methods and articles were not helping.
While experimenting with WordPress i was tasked with a situation where i am suppose to present some static text content on the website. However uploading a text file was out of question and the author wanted to keep everything controlled inside WordPress.
Earlier today @Rsnake posted about a flaw in how wordpress handles the attachments
I just tested this on a big celeb gossip site and it worked, the horror: http://t.co/Chbl6RQlWi
— Robert Hansen (@RSnake) July 18, 2013
Here is my observation on the same listed below
Many a times web application pen-testers are encountered with the presence of .svn folders. For those not aware .svn folder is used by SVN version control system to perform its operations. For a blackbox pentester this folder contains huge amount of information.
This post is about way in which we can run IronWASP on linux / Mac. I have created a shell script which should help in the setup.