sh1yo’s blog

Fuzzing JWT

A way to automate the generation of JWTs with the help of mitmproxy.

[] Cross-Site Websockets Hijacking

The module was vulnerable to a cross-site WebSocket hijacking attack due to incorrect parsing of the HTTP Origin header.


Invalid UTF-8 characters could trigger cPanel to use the Legacy Login page. This page did not adequately encode output. This could allow an attacker to inject arbitrary JavaScript code into the rendered page.