The multipart request body format turns out to be really challenging for WAFs and reverse proxies, which often lets you simply hide a payload from them instead of bypassing them directly. This blog post shows six different methods to achieve that...
#84
Story of a Cloud Architecture Diagramming Tool gone wrong
This blog post goes over a story of one of Google’s applications that eventually led it to be taken down because of XSSes, path traversals, and a lot of data disclosure. Basically, everything. https://jdomeracki.github.io//2024/11/09/sketchy_cheat_sheet/
Exploring the DOMPurify library: Bypasses and Fixes
Kévin Mizu comes back to the newsletter for the second issue in a row. This time, with a blog post about DOMPurify bypasses and some mXSSes. If you think you know HTML, read it and I guarantee you will change your mind. I certainly know nothing about HTML, but...
Breaking the most popular Web Application Firewalls in the market
This blog post covers WAF bypasses for XSSes and SQLis in as many as 16 different providers! It is definitely the place to go if you’re up against a WAF. https://nzt-48.org/breaking-the-most-popular-wafs
From an Android Hook to RCE: $5000 Bounty
One of the first things you learn when getting into security is that everything on the client side is untrusted. Even if it’s encrypted. This blog post shows really well how client-side encryption in a mobile app was used to obfuscate a functionality...
Switching from pentesting to bug bounty – 6 things I had to change
If you’re a web pentester, you’re hacking web applications. If you want to do web bug bounty, you’re also going to hack web applications. It sounds like it should be an easy transition. However, for many, it isn't. It certainly wasn't for me. I like to draw an...