摘要:
In one day I decided to stop hunting Bugs in Facebook Mobile android , IOS and Windows phone apps and start hunting bugs in facebook.com website. I sa 阅读全文
摘要:
var submitListener:Object = new Object(); submitListener.click = function(evt:Object) { var result_lv:LoadVars = new LoadVars(); var send_lv:LoadVars 阅读全文
摘要:
aaa 阅读全文
摘要:
Hello all so this post is about how I was able to hijack ton’s of domains/subdomains who using Instapage if there service got expired. What is instapa 阅读全文
摘要:
Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, and affects at least 17 large service provi 阅读全文
摘要:
TLDR C'mon, show me the XSS domain takeover 5 mins later… So how did you take over the domain? So is this bad? 阅读全文
摘要:
I was bug hunting on a site which looked like this: POST /snip/snippet.php HTTP/1.1 <?xml version="1.0"?> I tested in BURP for XSS in XML, and it work 阅读全文
摘要:
dig @8.8.8.8 ANT photo.facebook.com 意思查询所有的参数 阅读全文
摘要:
flash与环境之间交互的几种情况:1、swf加载本域图片等(视频/jpg/gif/png/swf...)无限制2、swf加载跨域图片等(视频/jpg/gif/png/swf...)无限制使用loader3、swf请求本域数据等(txt/jsp/php/.net...)无限制4、swf请求跨域数据等... 阅读全文
摘要:
Unfortunately,MicrosoftSQLServer'sSQLdialectTransact-SQLdoesnotsupportreadingandwritingfilesinaneasywayasopposedtoMySQL'sLOAD_FILE() functionandINTOOU... 阅读全文