Hi, I'm Bazudewa
Software Engineer

Over 5 years of professional experience in software development. Passionate about cybersecurity and secure coding practices. Skilled in a wide range of modern technologies, with a focus on backend development.

Experience

  1. Game Programmer at SLAB Game

    Worked on Godot Engine and Roblox scripting using Lua.

  2. Freelance Software Engineer

    Delivering client projects ranging from web apps to automation tools. Current tech: TALL stack.

  3. Full Stack Developer at Primakara college

    Focused on building web applications for internal company use with the Laravel framework.

Writeups & Research Logs

2025-04-22

Web shell upload via obfuscated file extension (First Writeup)

Bypassed file upload filter using null byte (%00) to upload a PHP web shell, causing Remote Code Execution (RCE) due to weak server-side validation.

2025-04-25

Web Cache Poisoning with multiple headers

Web cache poisoning via X-Forwarded headers enables injecting malicious scripts by poisoning cached responses, risking credential theft and session hijacking.

2025-04-26

Targeted web cache poisoning using an unknown header

Targeted web cache poisoning via unvalidated X-Host header enables delivering malicious JavaScript to specific users, risking session hijacking and data theft.

2025-04-27

Web cache poisoning via an unkeyed query parameter

Web cache poisoning via unkeyed UTM query parameter allows injecting malicious JavaScript into cached pages, risking stored XSS attacks on users.

2025-04-29

Parameter Cloaking

Parameter cloaking with unkeyed UTM and ‘;’ separator enables cache poisoning, allowing attackers to inject scripts that execute on victim browsers.

2025-04-30

Web cache poisoning via a fat GET request

Web cache poisoning via fat GET request with body allows script injection due to improper parameter parsing, enabling XSS and session hijacking risks.

Projects

Box Cache Tester

Box Cache Tester is a command-line tool built in Rust for testing web cache behavior, especially useful for detecting and testing cache poisoning vulnerabilities. It supports customizing request headers, stripping response headers, and detecting reflected content in HTML responses with colorized terminal output.

View on GitHub
Box Downloader

BOX Downloader is a parallel file downloader built with Rust, utilizing multiple threads to download a file in parts and then merging them into a complete file. This is useful for large files that can benefit from parallel downloading.

View on GitHub
Bruteforce Testing Auth System

A simple Rust-based HTTP brute force tool that supports dynamic parameters, wordlist combinations, and high-performance concurrency using tokio.

View on GitHub