ASafety

ASafety, des projets qui vous tiendront @coeur…

Apr

2017

A subdomain of Mozilla.org has several XSS vulnerabilities and an HTTP Response Splitting vulnerability.

This article illustrates the exploitation of an HRS (HTTP Response Splitting) in order to elevate it in a reflected XSS through a concrete example: Mozilla. When searching for vulnerable (sub)-domains as part of a Bug Bounty program, the subdomain dictionary attack.

Jul

2016

Self-XSS are a very special case of XSS, where the victim and the attacker as one and the same person. The attacker is able to execute an injection in the browser, but only he can do. How to raise and exploit such injection to gain criticality?

tl; dr: Use WYSINWYC technique to.

Read more

Recent Posts

[BreizhCTF 2k19] Write-Up – Web : OctogoneBoobaKaarris

Apr 14, 2019

(Français) [BreizhCTF 2k18] Write-Up – Web : Basique Simple Simple Basique

Apr 23, 2018

(Français) [BreizhCTF 2k18] Write-Up – Web : Chinoiseries

Apr 23, 2018

(Français) Links & blogs

(Français) My GitHub
Information-Security
0xbadcoded
Synetis

Catégories

News

Network and system administration

ASafety News

Database & SQL

BreizhCTF

BSD

Contributions

Cryptanalyze

Cryptography

Cryptology

Miscellaneous

Forensic

HRS

Invisibility & camouflage

NDH2k18

Opensource

OS

PHP Object Injection

Programming & Development

Projects & tools

Reverse-Engineering

Stéganographie

Vulnerabilities, exploits and PoC

Windows

XSS

Archives

April 2019

April 2018

April 2017

July 2016

May 2016

April 2016

March 2016

January 2016

November 2015

October 2015

September 2015

April 2015

March 2015

January 2015

December 2014

September 2013

August 2013

July 2013

May 2013

April 2013

March 2013

February 2013

January 2013

December 2012

November 2012

October 2012

September 2012

August 2012

July 2012

June 2012

May 2012

Recent Posts

[BreizhCTF 2k19] Write-Up – Web : OctogoneBoobaKaarris

Apr 14, 2019

(Français) [BreizhCTF 2k18] Write-Up – Web : Basique Simple Simple Basique

Apr 23, 2018

(Français) [BreizhCTF 2k18] Write-Up – Web : Chinoiseries

Apr 23, 2018

Popular Posts

[PoC-XSS] Leveraging Self-XSS via WYSINWYC

Jul 24, 2016

[Contribution] Mozilla – HTTP Response Spliting, Reflected & Stored XSS

Apr 03, 2017

[BreizhCTF 2k19] Write-Up – Web : OctogoneBoobaKaarris

Apr 14, 2019

Recent Comments
How strong is visualCaptcha? – Config9.com on [Tool] Breaking 100% VisualCaptcha.net solution
Stego Challenge – Milkshake – Ahmet AKAN on [CTF NDH 2016 Quals] Write-Up – Steganalysis : Stegano-Sound
Exe2PowerShell: Pour uploader un fichier binaire via un shell / WarezienS on [Windows / DOS / PowerShell] File upload in command line – one liner
Exe2PowerShell – Pour uploader un fichier binaire via un shell – Korben | Webissimo | All the links on [Windows / DOS / PowerShell] File upload in command line – one liner

Copyright ASafety © 201X. All Rights Reserved.