ne555inInfoSec Write-upsBypassing WAF to Weaponize a Stored XSSWhile testing a bug bounty program, I’ve noticed my <u>html injection</u> payload worked while spraying it to every field that is reflected…4 min read·May 17, 2022--3--3
ne555inInfoSec Write-upsMultiple HTTP Redirects to Bypass SSRF ProtectionsAlways try more than one HTTP 302 redirects when testing for SSRF4 min read·Jan 29, 2022--1--1