I don’t know what the title of this one is yet.
This format will be more like my “mind dump”-type posts.
pandoc has a --ascii flag. This fixes the conversion of single-quotes to unicode apostrophes.
I have a lot of Twitter backlog to harvest:
You can bypass xss & open redirect or ssrf protections with emojis Ex: javas♥️c😂ript:prompt`1` ht🕸️tp://12🎀188.8.131.52
#writeup Google bug bounty: LFI on production servers in springboard.google.com – $13,337 USD Short story about why u must always check for dirs in 302 status pages because you will be surprised that some directory listings will work https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/ #Bugbounty #infosec
Cloudflare WAF events Bypass: if ><tag onxxxx=alert(1)> is filtered, try ><tag onxxxx=a;alert(1)> and you're done #bugbounty #infosec
sed(1) can use delimiters other than slash. Especially useful when you want to match a url, like: sed -i 's#http://example.local/foo##' urls.txt
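An added example of the alternate-delimiter trick, not from the original post: a small POSIX sh script that strips a URL prefix from a constructed list of URLs using '#' as the s/// delimiter, and counts matching lines using '|' as the delimiter of a regex address. The sample file, the prefix and the function names are constructed for the example; the only real tool used is sed(1). It avoids sed -i because its syntax differs between GNU and BSD sed.

```shell
#!/bin/sh
# Added example (not from the original post): using sed delimiters other
# than '/' so that URLs, which are full of slashes, need no escaping.

# Write a constructed sample input to a temp file and print its path.
make_sample() {
  f=$(mktemp)
  printf '%s\n' \
    'http://example.local/foo/a.txt' \
    'http://example.local/bar/b.txt' \
    'https://other.local/foo/c.txt' > "$f"
  printf '%s' "$f"
}

# Remove PREFIX from the start of every line of FILE.
# With '#' as the delimiter the slashes in the URL are ordinary characters.
# The pattern is still a regex, so regex metacharacters in the prefix
# (e.g. the '.' in the host name) are escaped first for an exact match.
# Assumes the prefix itself contains no '#'.
strip_prefix() {
  file=$1
  prefix=$2
  escaped=$(printf '%s' "$prefix" | sed 's/[.[\*^$]/\\&/g')
  sed "s#^${escaped}##" "$file"
}

# Count the lines of FILE that start with https://.
# Addresses accept a custom delimiter too, written as \<c>regex<c>,
# so '\|^https://|p' needs no escaped slashes either.
count_https() {
  file=$1
  sed -n '\|^https://|p' "$file" | wc -l | tr -d ' '
}

# Usage when run directly:
#   f=$(make_sample); strip_prefix "$f" 'http://example.local/'; count_https "$f"
```

The same trick works with any single character that does not occur in the pattern; '#', '|' and ',' are the usual choices when the pattern is a URL or a filesystem path.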
What if researchers hit vulnerable open services online with spoilers? Or used them in PoCs for exploits when submitting bug bounties? echo -e "\033[0;31mSnape kills Dumbledore" | nc -nv ... "><script>confirm("Thanos Marries Tony Stark");</script><!--