Archive - attack ships on fire

New

Exploiting TRACE

TL;DR The presence of the TRACE method is generally considered to be at best an informational finding (and in isolation, I wouldn’t disagree with that…

Aug 4 •

attack ships on fire

December 2022

Exploiting API Framework Flexibility

TL;DR The modern frameworks are often very flexible with what they accept, and will happily treat a POST with a JSON body as interchangeable with a URL…

Dec 17, 2022 •

attack ships on fire

November 2022

Exploiting CORS Misconfigurations

TL;DR If you can find an unrestricted CORS endpoint, that also responds to the HTTP override headers, then potentially you can use it to access…

Nov 26, 2022 •

attack ships on fire

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts