
Exploiting API Framework Flexibility

TL;DR: Modern frameworks are often very flexible about what they accept, and will happily treat a POST with a JSON body as interchangeable with a URL-encoded body, or even with query parameters. Because of this, an unexploitable JSON XSS vector can sometimes be made exploitable by…
attack ships on fire
The unbridled ramblings of a security dinosaur.