mouhannadlrx0.bsky.social
Reposted
My latest blog post is live! nastystereo.com/security/cro...

Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon.
November 27, 2024 at 9:10 AM
Reposted
Pro tip for if you have XSS but you can only use upper case:

aem1k.com/transliterat...

transliterate.js by @aemkei.bsky.social works great!
transliterate.js
Translate any JavaScript code to foreign writing systems. Created by Martin Kleppe aka @aemkei.
aem1k.com
December 4, 2024 at 10:06 AM
Reposted
⚠️Challenge time again⚠️

It is based on a real-world situation. Use the HTML injection to leak the flag to an external domain ☃️

This time, send solutions in DM; we don't want to spoil the fun. I also might want to patch any obvious blunder I made creating it.

joaxcar.com/xss/outer.ht...
December 18, 2024 at 2:04 PM
Reposted
In Chrome:

Object.values(this)[165].bind(this)()
January 27, 2025 at 4:41 PM