cc @BenHayak @filedescriptor @0x6D6172696F @0xSobky @garethheyes @kinugawamasato @molnar_g @cgvwzq et al. :)
-
When will you post the solution?
@avlidienbrunn
-
Done, but can't PM you the solution as you seem to have private messaging disabled. pic.twitter.com/9GdqmZ1aR4
-
Guess who is collecting polyglots. Sneaky .. sneakkyyyyy!
-
After getting some sleep, I found it easier
-
@VikzSharma try it bro :p
-
Hey buddy, is it valid to set another page to capture and craft the header? Or must it be only using your domain?
-
You need to pop an alert in origin https://avlidienbrunn.se if I understand it correctly. Any hints?
-
You need to craft a link that will trigger an XSS payload in avlidienbrunn.se origin
-
Is the solution related to header injection? CRLF injection? I will try later.
-
The goal of such a challenge is to find it by yourself. Just dig it with Burp and ask yourself how you can craft this link, pure logic


-
I don't understand why there's no "Referer disallowed" message in BurpSuite's repeater.
-
Referer header is to be defined by your browser based on the current location; if you're not using a browser, the header isn't defined.
-
I'm sitting in #SEC542 day #4 covering XSS and this tweet pops up in my timeline, how convenient :p cc: @WebBreacher pic.twitter.com/fHupDoRy9L

