Research 11

• IoT Dataset Research: Curating Realistic Traffic for Security Analysis Dec 12, 2023
• My Journey in CVE Research: From Discovery to Disclosure Dec 1, 2023
• Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated) Jan 8, 2022
• Online Veterinary Appointment System v1.0 — Multiple SQL Injection via id in Appointment Details) Jan 5, 2022
• Hospital's Patient Records Management System v1.0 - 'id' SQL Injection (Authenticated) Dec 30, 2021
• Hospitals Patient Records Management System v1.0 — IDOR (Account Takeover) Dec 20, 2021
• CVE-2021-44228 (Log4Shell) — Field Notes from a Focused Web-App Review Dec 13, 2021
• WordPress Advanced Ticket System < 1.0.64 — Authenticated Stored XSS in Ticket Metadata Oct 1, 2021
• WP Ticket (Customer Service Software & Support Ticket System) < 5.10.4 — Admin+ Stored XSS via Unsanitized List Fields (CVE-2021-24622) Oct 1, 2021
• WP Courses LMS < 2.0.44 — Authenticated Stored XSS via 'Video Embed Code' Oct 1, 2021
• Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS) Oct 1, 2021