Sniff Leak

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Leak script content by converting it to UTF16

This writeup leaks a text/plain because there is no X-Content-Type-Options: nosniff header by adding some initial characters that will make javascript think that the content is in UTF-16 so th script doesn't breaks.

Leak script content by treating it as an ICO

The next writeup leaks the script content by loading it as if it was an ICO image accessing the width parameter.

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousSOME - Same Origin Method Execution NextSteal Info JS

Last updated 4 months ago