Gaurav Mishra

Nov 15, 2020

RCE via Server-Side Template Injection

In this write-up, we’ll see how I identified a remote code execution vulnerability and bypassed the Akamai WAF rule(s). While I was doing a security scan, I noticed an endpoint that incorporates user-controllable data into a string and reflects it back in the response. Noticing the reflection of the text…

7 min read


Published in The Startup

·Nov 10, 2020

BugPoC XSS Challenge- Wacky

Introduction: In this writeup, I am going to explain my approach towards solving the Wacky XSS Challenge. The challenge is primarily about bypassing Content Security Policy (CSP) and DOM Clobbering due to insecure coding practice. Challenge Rules: You must alert(origin) showing https://wacky.buggywebsite.com. You must bypass CSP. It must be reproducible…

Bugpoc

5 min read
