Vikrant Singh Chauhan

Security Researcher and Software Developer

Welcome to eval.blog! Here I publish my research, technical papers, projects, and insights on systems programming, security, and artificial intelligence.

research

View all

Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App

Oct 21, 2023

Reported an OAuth token leak via open redirect in Harvest.

Breaking The Mutant Language's "Encryption (Writeup)"

Aug 15, 2023

AppSec Village DEF CON 31 CTF^2 (developer) winning entry. Bypassed the encryption and mutation techniques of the Mutant …

CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

Jul 29, 2021

Reported CVE-2021-27902 (XSS) and CVE-2021-27903 (SSTI) that can be chained together to gain Remote Code Execution in …

blog

View all

Simple Prompts to get the System Prompts

Dec 30, 2024

Exploring prompt injection techniques to extract hidden system prompts from popular AI wrappers and chatbots.

Utilizing unit testing frameworks as a vulnerability scanner

Jan 12, 2023

How to use unit testing frameworks like xUnit for automated vulnerability scanning and exploit development.

You don’t need xss.rocks/xss.js

Dec 27, 2020

Why data URLs are a powerful alternative to hosted JavaScript files for XSS testing and payload delivery.

projects

View all

Dissecting Apple

An effort to document Apple’s private frameworks, security posture, …

Project PURGE

Public OSINT data of bug bounty programs.

whack

Automagically generated wordlists.