#37

ModSecurity WAF bypasses

s0md3v shared a number of ways in which he bypassed the ModSecurity WAF. I always learn new quirks from these articles. For example, did you know that on Linux you can access a file by writing its path with a shell glob character class (such as `[w]` or `[r-t]`) instead of the literal name, so a rule looking for the exact string never sees it? https://s0md3v.github.io/blog/modsecurity-rce-bypass
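
To see the quirk in action, here is an added example (not code from s0md3v's post or from this newsletter) that builds a throwaway directory tree, pretends to be a WAF rule matching the literal string `/etc/passwd`, and then shows what the shell actually expands each payload to. The function names (`naive_waf_blocks`, `glob_resolves`, and so on) and the sample passwd line are ours; the tree lives under a `mktemp` directory so nothing touches the real `/etc`.

```sh
#!/bin/sh
# Added example: why a literal-string signature misses a path written with
# shell glob character classes. Hypothetical helper names; constructed data.

# Build a throwaway directory tree so the demo never touches the real /etc.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/etc"
    # Constructed sample passwd line, not a real account.
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$root/etc/passwd"
    printf '%s\n' "$root"
}

# Stand-in for a WAF rule that blocks payloads containing "/etc/passwd" verbatim.
# Exit 0 means "blocked", exit 1 means "allowed through".
naive_waf_blocks() {
    case "$1" in
        *"/etc/passwd"*) return 0 ;;
        *)               return 1 ;;
    esac
}

# What the target's shell does with the same argument: pathname expansion.
# Prints the first path the pattern expands to (the pattern itself if nothing matches).
glob_resolves() {
    set -- $1
    printf '%s\n' "$1"
}

# Reads the file through the pattern, exactly as an injected `cat` would.
read_via_pattern() {
    cat $1
}

# Walk a literal path and three glob-disguised variants of the same file and
# print, for each, the WAF verdict next to the path the shell really opens.
demo() {
    root=$(make_fixture)
    for p in "$root/etc/passwd" \
             "$root/etc/pass[w]d" \
             "$root/etc/pas[r-t]wd" \
             "$root/???/p?ss??"; do
        if naive_waf_blocks "$p"; then verdict=blocked; else verdict=allowed; fi
        printf '%-45s %-8s -> %s\n' "$p" "$verdict" "$(glob_resolves "$p")"
    done
    rm -rf "$root"
}

demo
```

Only the first, literal path is blocked; the other three slip past the signature yet resolve to the very same file once the shell expands them, which is why the defensive fix belongs at the point of execution (no user input reaching a shell) rather than in a blocklist of strings.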

Escalating an unauthenticated, cookie-based XSS

Bartłomiej Bergier shared a nice writeup about finding and exploiting an XSS in an authentication cookie. In short, the road to success consisted of: finding a way to host an HTML file on the target's subdomain, then creating a payload for an unauthenticated XSS because, as...

Bypassing server-side XSS sanitizers

A few issues ago, we talked about bypassing client-side HTML sanitizers in the context of XSS. Today, we'll do the same for server-side HTML sanitizers. Unfortunately, I had to redact some details from the draft article because the steps taken here led...

$100k in bounties and GitLab TOP4 in 16 months

We all have some people in bug bounty that we look up to. They are often people who have been in the industry pretty much since the beginning and were doing web security even before bug bounty became a thing. There's always a catch, though: they started in different times -...