Luke Chen (@showuon1)'s Twitter Profile
Luke Chen

@showuon1

ID: 1181176518560497664

07-10-2019 11:56:48

21 Tweets

58 Followers

135 Following

Intigriti (@intigriti)

If you don't read this week's #BugBytes, you'll be missing a juicy file upload vulnerability to bypass AWS signing, Sam Curry's sensitive secrets and Sebastian Neef wordpress madness. Subscribe or miss out! 👇 go.intigriti.com/bugbytes-60

xxux11 ᯲ ̸ (@11xuxx)

XXE
1. change password func -> JSON
2. converted to XML -> 200 OK
3. created dtd file on my ec2 and started webserver on port 80
4. crafted a XXE payload!
5. bounty!

Always convert POST/PUT/PATCH body to xml and resend req, don't forget to change the content-type.
#bugbountytips