Posts - Page 39 of 87
Let's learn about HTTP Desync Attacks (HTTP Smuggling attack re-born, +My case)
6 min read
Today's content is Korean-language content on HTTP Desync Attacks. It is based on the article linked below, and you can get more accurate information by referring to that document.
onload*(start/end) event handler XSS(Any browser)
~1 min read
Hi hackers. Last time I wrote about onpointer* XSS; now I am writing about a not well-known event handler for XSS. (https://www.hahwul.com/2019/07/onpoint-xss-payload-for-bypass-xss-protection.html)
onpoint* XSS Payload for bypass blacklist base event-handler xss filter
1 min read
Hi hackers. I crafted XSS payloads for bypassing event handler protection. It is just simple code.
JSONP Hijacking
3 min read
Hi hackers. It's been a long time since I wrote a blog post. I found a JSONP Hijacking case that is not an SOP bypass. I'm going to briefly explain it.
Event handler for mobile used in XSS (ontouch*)
~1 min read
Some event handlers do not appear in the OWASP list, such as the touch events (ontouch*). They are limited to mobile devices, so they are less effective than general-purpose handlers, but they are a good way to trigger XSS.
HTTP Request(ZAP, Burp) Parsing on Ruby code
1 min read
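There was a suggestion like this regarding XSpear. I think it was about saving the packet data used in Burp, ZAP, etc. to a file and then reading it with an option, so that the URL, headers, and so on are parsed automatically and used (just like sqlmap does).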
Displaying cli base table at ruby application on terminal
~1 min read
I am simply writing this down (as a note). It is easy to develop using terminal-table.
XSS payload for escaping the string in JavaScript
~1 min read
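This afternoon I found an interesting payload, noted it down, and am now writing it up as a post. It can probably be used when code is inserted inside JavaScript but you cannot escape the string, and I suspect there are quite a few places where this kind of pattern appears.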
ZAP Send to Any tools(+Send to Burp Scanner)
~1 min read
Hi friends?! I shared a post on the applications settings in ZAP yesterday. I'm going to share some of the settings that I was writing up separately today. Let's get started, my go-to settings :)
How to use SDCard directory in Termux(not rooted)
~1 min read
Use the sdcard directory on Termux: 1) run the termux-setup-storage command in the Termux terminal