heroxo9868


€0 Documented
21 Views

Writeups: 1
Cheatsheets: 5
Tools: 0

Writeups by heroxo9868

HTML Injection (CWE-79) High PRO

HTML Injection to DoS (P2)

HTML Injection is a web security vulnerability that occurs when an application fails to properly sanitize or validate user-supplied input before rendering it in a web page. As a result, an attacker can insert arbitrary HTML code into the page, which is then displayed and executed in the browsers of other users. This can allow the attacker to manipulate the structure or content of the page, inject misleading elements, or create malicious links, potentially compromising user trust and the integrity of the website.

heroxo9868
4
Mar 14, 2026
CVSS 7.5
€0

Cheatsheets by heroxo9868

SQL Injection (CWE-89) PRO

SQLi (SQL Injection) Cheatsheet

Learn the fundamentals of SQL injection, including common exploitation techniques, WAF evasion methods, and essential payloads used during security testing and bug bounty hunting.

heroxo9868
3
Mar 14, 2026
Other PRO

SSL/TLS certificates Cheatsheet

Learn how to use sslscan to identify weak encryption configurations, deprecated SSL/TLS protocols, and potential security issues during web security assessments.

heroxo9868
5
Mar 14, 2026
XML External Entities (XXE) (CWE-611) PRO

XXE (XML External Entity) Cheatsheet

This cheatsheet provides a quick reference for exploiting and testing XML External Entity (XXE) vulnerabilities. It includes common payloads, techniques for file disclosure, SSRF, blind XXE exploitation, out-of-band exfiltration, and typical XML structures used during testing. It is intended as a practical guide to quickly identify and exploit XXE in different scenarios and parser configurations.

heroxo9868
1
Mar 14, 2026
Other PRO

Bug Bounty Cheatsheet

A collection of bug bounty and security testing resources covering common web vulnerabilities, exploitation techniques, reconnaissance methods, and security tools. It includes guides, real-world write-ups, checklists, and tools for testing issues like XSS, SQL injection, SSRF, file uploads, authentication bypasses, cloud misconfigurations, and subdomain enumeration.

heroxo9868
2
Mar 14, 2026
Cross-site Scripting (XSS) - Generic (CWE-79) PRO

XSS (Cross-Site Scripting) Cheatsheet

Master Cross-Site Scripting (XSS), including injection techniques, common attack vectors, WAF evasion methods, and advanced Content Security Policy (CSP) bypass techniques.

heroxo9868
6
Mar 14, 2026

Tools by heroxo9868

No tools yet.

Collections by heroxo9868

No public collections yet.