Sniff Leak

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Leak script content by converting it to UTF16

This writeup leaks a text/plain because there is no X-Content-Type-Options: nosniff header by adding some initial characters that will make javascript think that the content is in UTF-16 so th script doesn't breaks.

Leak script content by treating it as an ICO

The next writeup leaks the script content by loading it as if it was an ICO image accessing the width parameter.

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Last updated