Sniff Leak
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Leak script content by converting it to UTF16
This writeup leaks a text/plain because there is no X-Content-Type-Options: nosniff
header by adding some initial characters that will make javascript think that the content is in UTF-16 so th script doesn't breaks.
Leak script content by treating it as an ICO
The next writeup leaks the script content by loading it as if it was an ICO image accessing the width
parameter.
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Last updated