Next.js 14 from a hacker's perspective
Next.js 14 (and 13) introduced many attack vectors without providing the tooling necessary for organizations to detect them. It is easier than ever before to expose server secrets, introduce unauthenticated "endpoints" or any other issue that will make you vulnerable.
Dawid Moczadło · 30 Oct 2023 · 4 min read

Tips
Escalating debug mode in Django to RCE, SSRF, SQLi
Security implications of DEBUG=true in Django. Learnings from an ethical hacker's perspective.
Dawid Moczadło · 24 Oct 2023 · 3 min read

XSS
Hacking Swagger-UI - from XSS to account takeovers
We have reported more than 60 instances of this bug across a wide range of bug bounty programs, including companies like PayPal, Atlassian, Microsoft, GitLab, Yahoo, ...
Dawid Moczadło · 16 May 2022 · 10 min read