Web Apps

Strengthen your web applications with tutorials and tips from the Raxis penetration testing team. Find insights to uncover and fix vulnerabilities.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

Articles Categorized as Web Apps

  • CVE-2026-36748: XSS in Rock RMS Leads to Privilege Escalation
    CVE-2026-36748: XSS in Rock RMS Leads to Privilege Escalation
    Raxis Lead Pentester Jason Taylor recently discovered CVE-2026-36748, a high-risk XSS vulnerability in Rock RMS that allows privilege escalation to admin.
    Read More
  • AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest
    AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest
    On a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack then used AI again to thwart that code.
    Read More
  • Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
    Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
    Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.
    Read More
  • The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms
    The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms
    Recent attacks, including GitVenom and Lumma Stealer, underscore the threat of Attackers using GitHub repositories as malware staging mechanisms.
    Read More
  • Cross-Site Scripting (XSS): Cookie Theft - Advanced Payloads
    Cross-Site Scripting (XSS): Cookie Theft – Advanced Payloads
    We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks.
    Read More
  • OWASP Top 10
    OWASP Top 10 for 2025: What’s New in Web Application Security
    The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.
    Read More