In this write-up, we’ll see how I identified a remote code execution vulnerability and bypassed the Akamai WAF rule(s). While I was doing a security scan, I noticed an endpoint that incorporates user-controllable data into a string and reflects it back in the response. Noticing the reflection of the text…
In this writeup, I am going to explain my approach towards solving the Wacky XSS Challenge. The challenge is primarily about bypassing Content Security Policy (CSP) and DOM Clobbering due to insecure coding practice.