Nirmal Dahal

I’ve been in the cybersecurity industry for a long time and have helped secure 50+ enterprises against cyber threats. In April 2021, I was listed on the EC-Council’s “Global Ethical Hacking Leaderboard” among the top 10 ethical hackers in the world for the month of April 2021, Quarter 2. Due to my activities and expertise in the cybersecurity field, I’ve been featured in magazines and national newspapers. In Quarter 1 of 2017, I was listed among the top 25 hackers on the YESWEHACK platform, which is Europe’s first BugBounty Platform.

MEGA's Unlimited Cloud Storage Vulnerability
November 17, 2022

Background: Back in June 2022, I found a flaw in the MEGA cloud storage system that let me store more data than they permit for free accounts.

leveraging the SQL Injection to Execute the XSS by Evading CSP
July 12, 2022

Although it sounds silly, I am dumb enough to do this.

XSS on Samy Pl
June 19, 2019

In this article, I am going to explain a security issue that I found on a website that is famous among information security researchers.

CVE-2021-3258 | S-XSS to Defacement & Account Takeover [Q2A Themes]
August 21, 2017

In this article, I am going to share a POC (Proof of Concept) on a vulnerability that I found on a popular Forum Management System by Q2A.

Facebook SVG Locky Ransomware Analysis
November 22, 2016

This is what Facebook’s SVG malware is actually doing. We used W3Schools’ IDE while analyzing the malicious SVG file.

ByPassing EBay XSS Protection
September 11, 2016

Hi there, today I want to share a small proof of concept regarding “Reflective Cross-Site Scripting [ R-XSS ]” which I had found on eBay back in 2016.
