Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Understanding the default encoding of a project can help out quite a bit when pentesting something! Sometimes, adding a simple poop emoji may cause the request to be handled in a funny way.
Also, sending nonsensical values to something will cause weird issues. So, do not be afraid to fuzz! This SSRF was only possible with a zero-length body on a request.
The questions to ask:
- How is the information being altered?
- How can I exploit the alteration of this information?
The recommendation: use https://www.npmjs.com/package/safe-url-assembler to prevent these sorts of attacks. It works sort of like a parameterized query.
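To make the parameterized-query comparison concrete, here is an added example (not code from the linked write-up, and not the safe-url-assembler API) that puts string concatenation beside a template that encodes each value as a single path segment. The backend host and the `buildUrlUnsafe` and `assembleUrl` helpers are hypothetical names chosen for illustration.

```javascript
// Hypothetical internal service that a front-end server calls on the user's behalf.
const BACKEND = 'https://backend.internal.example';

// Weak form: the value is pasted into the path, so "/", "?" and ".." inside it
// are parsed as URL structure and can change which endpoint is requested.
function buildUrlUnsafe(userId) {
  return new URL(`${BACKEND}/users/${userId}/profile`).href;
}

// Hardened form: the template fixes the shape of the URL and every :name
// placeholder is filled with a value encoded as exactly one path segment.
function assembleUrl(base, template, params, query = {}) {
  const path = template.replace(/:([A-Za-z_]\w*)/g, (_, name) => {
    if (!Object.prototype.hasOwnProperty.call(params, name)) {
      throw new Error(`missing param: ${name}`);
    }
    const value = String(params[name]);
    // encodeURIComponent leaves "." alone, and the URL parser would collapse
    // a "." or ".." segment, so those (and empty values) are rejected outright.
    if (value === '' || value === '.' || value === '..') {
      throw new Error(`invalid value for param: ${name}`);
    }
    return encodeURIComponent(value);
  });
  const url = new URL(base + path);
  // Query values are encoded by URLSearchParams, so "&" and "=" stay data.
  for (const [key, value] of Object.entries(query)) {
    url.searchParams.set(key, String(value));
  }
  return url.href;
}

// Constructed sample input: a "user id" that carries path and query syntax.
const sample = '../admin/export?x=';
console.log(buildUrlUnsafe(sample));
// https://backend.internal.example/admin/export?x=/profile
console.log(assembleUrl(BACKEND, '/users/:id/profile', { id: sample }));
// https://backend.internal.example/users/..%2Fadmin%2Fexport%3Fx%3D/profile
```

The two questions above apply directly: the concatenated value is altered by URL parsing (dot segments collapse, `?` starts a query), while the templated value reaches the backend as one opaque segment.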