Hi everyone, I hope you are all doing well. This write-up is all about how I combined two different vulnerabilities to update the data of a victim's account.

When I visited the profile page and tried to update the data, I found a CSRF token and I tried…


OWASP ZAP is a free, open-source tool used to perform penetration tests. Its main advantage is that it makes penetration testing of web applications easy, which helps testers find bugs quickly.


  1. ZAP scans are reusable.
  2. It can generate reports.
  3. It is well suited to beginners.
  4. It works on all major platforms (Windows, macOS, Linux).


Nikto is an open-source web server assessment tool. It is designed to find default and insecure files and programs on any type of web server.

Nikto can run on any platform that has a Perl environment. It supports proxies, host authentication, SSL, and more. It can update itself…

Chillhack is a medium-level challenge on TryHackMe. The start of the challenge requires finding a command injection bypass to get an initial shell. On that shell, you can execute a script that has fields you can manipulate to elevate to another user. As the other user, I find a…

Shivam Tahalani

Security Researcher
