Benasin's Space

Find me on , and .

• 2025-03-18
  OpenResty/lua-nginx-module HTTP Request Smuggling in HEAD requests - CVE-2024-33452
• 2024-04-06
  How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000
• 2023-04-05
  How I found my first CVE through hacktivity hunting?

• CVE-2023-0112:

  Stored XSS with CSP bypass in memos 0.9.0

• CVE-2023-47106:

  Incorrect processing of fragment in the URL leads to Authorization Bypass in traefik <= v2.10.5, <= v3.0.0-beta4

• CVE-2024-33452:

  Remote attacker can conduct HTTP request smuggling via crafted HEAD request in OpenResty/lua-nginx-module <= v0.10.26