Other
Groovy Script Console
File-Read
RCE
JSONP
Only useful if a JSONP endpoint requires authentication. A victim at attacker.com will retrieve the data from victim.com and send their cookie along because of how JSONP works (Reference: https://www.sjoerdlangkemper.nl/2019/01/02/jsonp/).
Unicode Abuse
We can use special characters such as the dotless i to abuse "toUpperCase()", for example to register an admin email address. Reference: https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
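A defensive check for the case-mapping collision described above, as an added example that is not from the original page or the referenced write-up; the function names and sample addresses are constructed for illustration. It goes slightly beyond the dotless i by flagging any non-ASCII character whose case mapping lands entirely in ASCII.

```javascript
// Added illustration: helper names and sample addresses are constructed.

// Naive comparison: full Unicode case mapping folds some non-ASCII
// characters onto ASCII letters (U+0131 dotless i -> "I").
function naiveEqual(a, b) {
  return a.toUpperCase() === b.toUpperCase();
}

// Fold only A-Z; every non-ASCII character is left untouched, so it can
// never become equal to an ASCII letter.
function asciiLower(s) {
  return s.replace(/[A-Z]/g, (c) => String.fromCharCode(c.charCodeAt(0) + 32));
}

function safeEqual(a, b) {
  return asciiLower(a) === asciiLower(b);
}

// Report each non-ASCII character whose upper- or lower-case form consists
// only of ASCII, i.e. the characters that make naiveEqual() collide.
function findCaseCollisions(input) {
  const hits = [];
  for (const ch of input) {
    const cp = ch.codePointAt(0);
    if (cp < 0x80) continue;
    const mapped = [ch.toUpperCase(), ch.toLowerCase()].find(
      (m) => m !== ch && /^[\x00-\x7f]+$/.test(m)
    );
    if (mapped !== undefined) {
      const hex = cp.toString(16).toUpperCase().padStart(4, '0');
      hits.push({ char: ch, codePoint: 'U+' + hex, mapsTo: mapped });
    }
  }
  return hits;
}

// Constructed sample input: "admin" spelled with U+0131 instead of "i".
const registered = 'admin@example.com';
const lookalike = 'adm\u0131n@example.com';

console.log('naive match:', naiveEqual(registered, lookalike));
console.log('ASCII-only match:', safeEqual(registered, lookalike));
console.log('collisions:', findCaseCollisions(lookalike));
```

Rejecting or flagging addresses for which `findCaseCollisions` returns hits, and comparing with `safeEqual` instead of a full Unicode case conversion, keeps the two addresses distinct.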
Json to XML
Change JSON POST requests to XML format. Sometimes this works and can be used for XXE, e.g. https://twitter.com/11xuxx/status/1250764273623629826
HTTP/3 Clients
Interactive Shell from Web Shell
Timeless Timing Attacks against Remote Targets
The idea is to use HTTP/2 to send multiple requests in one go, which lets us measure the timing difference by looking at which response comes back first. Repeat this many times to get some statistical relevance.
Create JWT from Secret Key via PyJWT