attack ships on fire
Exploiting Reflected Input Via the Range Header
TL;DR Reflected input is often unexploitable because the attack ends up in a place which stops it working, such as inside a quoted attribute.
Dec 19, 2024
February 2024
Exploiting CSP Wildcards for Google Domains
TL;DR The Google developer documentation includes CSP examples which use domain wildcards (which have been widely cut & pasted), and additionally there…
Feb 29, 2024
Exploiting Cacheable Responses
TL;DR The main browsers share their cache between Fetch requests and normal navigation.
Feb 20, 2024
Exploiting Unsynchronised Clocks
TL;DR According to data from RIPE, over 40% of computers attached to the Internet have a few seconds of clock drift, which with the right combination of…
Feb 11, 2024
August 2023
Exploiting TRACE
TL;DR The presence of the TRACE method is generally considered to be at best an informational finding (and in isolation, I wouldn’t disagree with that).
Aug 4, 2023
December 2022
Exploiting API Framework Flexibility
TL;DR The modern frameworks are often very flexible with what they accept, and will happily treat a POST with a JSON body as interchangeable with a URL…
Dec 17, 2022
November 2022
Exploiting CORS Misconfigurations
TL;DR If you can find an unrestricted CORS endpoint, that also responds to the HTTP override headers, then potentially you can use it to access…
Nov 26, 2022