#81

A Guide To Subdomain Takeovers 2.0

Subdomain takeovers are not my thing but if they’re yours, go and read this guide. It describes not only techniques for finding subdomain takeovers but also multiple ways to exploit them to show the maximum impact....

The website with known CSP bypasses

Renniepak created a website where we can all find known CSP bypasses. It’s great because I’m nowhere near remembering all these and, unfortunately, I also don’t have a habit of writing these things down when I encounter them. Not to mention they are difficult to...

Using YouTube to steal your files

This writeup involves multiple open redirects, iframes, and then more open redirects, and ends up with clickjacking that gives the attacker access to your GDrive files. It is also another example that if you actually understand clickjacking and you create a good POC,...

Automating XXE hunt with AI

Personally, I don’t test for XXEs as often as I should. One of the reasons is that, especially for a docx-based XXE, it’s quite a lot of work to insert the payload, repackage the archive, etc. STÖK is someone who loves XXE and he wrote a series of tweets describing how...

Content-Type research

BlackFan has a great GitHub repo with some research about the Content-Type header. If you want to see which response content types allow XSS or which request Content-Type values cause a preflight request to be sent, this is the place to go....