Hacking Techniques

Finding bugs by reading RFCs

Every hacker has a different hacking style. Some of them are absolutely fascinating to me like the hacking style of Inti. He likes to simply read the docs or RFCs and do the research. It almost sounds too stupid to work but his findings prove it does. In his recent...

Inti’s research on phone numbers (RFC3966)

I am a huge fan of Inti. He just reads RFCs carefully and finds good bugs by implementing what’s written there. This time, he took a look at the phone number formats and, among others, popped an alert on Google. For now, the talk is available if you are NahamSec’s...

Exploiting Open Graph and oEmbed protocols

Whenever we share a link over social media, a preview like this shows up. To be honest, I thought it was coded separately for services like YouTube and that for smaller ones, it was just extracted from the page’s title, its URL and maybe some smart crawling functionalities...

Connection Contamination

I still feel like HTTP/2 is a relatively new thing, but James Kettle is already looking ahead to what threats will occur in HTTP/3. In this article, he describes connection contamination - a technique that you can use to escalate your XSS on one target’s subdomain into...

DEF CON 30 Presentations

The presentations from DEF CON 30 are now available on YouTube! I haven’t watched any of them yet, but one that sounds very interesting to me is "DEF CON 30 - Dongsung Kim - CSRF Resurrections Starring the Unholy Trinity". The whole playlist:...

Hiding parameters from ModSecurity WAF

There are more interesting WAF bypasses that were discovered during the 1337up0522 live hacking event. This time, by terjanq, who came back from a CTF retirement for a few hours and smashed the hardest web challenges on SEKAI CTF that I’ve played with JustCatTheFish....

Prototype-related bugs

Christoffer Jerkeby wrote an article about prototype-related bugs. It has the term “prototype poisoning” in the title and, while reading the article, I thought it was used interchangeably with “prototype pollution”, but it turns out they are different things. To read about...

A single codesearch worth thousands of bugs

There are some vulnerabilities where I think to myself “How on Earth did they make such a stupid mistake?” but there are also ones where I’m not at all surprised that the developer didn’t know about a quirk of a language or a framework. Today, I will show you an...

ModSecurity WAF bypasses

s0md3v shared a bunch of ways in which he bypassed ModSecurity WAF. I always learn new quirks from these articles. For example, did you know that on Linux, you can access a file using a character class? https://s0md3v.github.io/blog/modsecurity-rce-bypass