cz chriscz // bug_hunter
Home Work Fitness / Life Web App API Security Cloud CTFs About Contact
chriscz@web:~$ ls ./web-app-security
WriteupsAbout →
$ ls ./web-app-security/

Web App Pentesting

Web application security writeups: injection, access control, XSS, and file upload issues.

Web application security writeups — injection, access control, XSS, and insecure uploads.

high Jul 12, 2025

IDOR

Intial Access after getting access to site page noticed are my account details but in the url there id of my of 1009 which sticks out to that are possibly more accounts on this site. Knowing this is tied to our this valu

#web_app_security
high Jul 12, 2025

SQL injection UNION attack, retrieving multi values

Initial Access Getting access to the app lets navigate to any area in the top menu to see products.L injection UNION attack, retrieving multiple values in a single column Area of interest the highlighted part of the url

#web_app_security
medium Oct 29, 2024

Insecure File Upload

Insure File Upload Insecure file upload is a vulnerability where an application allows the upload of files without proper validation and control. Now there is so many websites and apps use a file upload feature is a stan

#web_app_security
medium Oct 24, 2024

XXS Stored

XXS Stored Cross site is dangerous especially stored because its stored into the site and database and can’t be easily terminated from infecting the server hosting the site/sites. After researching how i can exploit this

#web_app_security
cz chriscz

Main place about my writeups as a hacker

Research
Work Fitness / life Web app pentesting API security Cloud pentesting CTFs
Links
GitHub LinkedIn HackerOne
Legal
About Contact security.txt

© 2026 chriscz — responsible disclosure only