Bypassing WAF exploiting SSTI - Twig

TLDR : SSTI in Twig can be exploited to bypass WAF. Twig allows multiple string iteration attributes which can be very helpful while deceiving a Web Application Firewall. Tested WAF : Incapsula. Bypass #1 : replace attribute. Payload : {%set a="<svg oYad=aZt`1`>"%} {{a|replace({'Y':'nlo','Z':'ler'})|raw}} Bypass…

Curious Case of Benjamin Cookie

TLDR : <img src="data:image/svg+xml,...http-equiv='Set-Cookie'..."> can create/modify cookies!! This payload shall not work anymore. Link - https://tools.ietf.org/html/draft-ietf-httpstate-cookie-14 Last check : Date : Mar 17th 2017. Browser tested : Firefox/51.0. User-Agent : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.…

Exploiting SSRF, Nitty-gritty Details

A Server Side Request Forgery vulnerability allows an attacker to fetch a resource while the server acts as a proxy; in this blog I'll focus on scanning the internal network by exploiting an SSRF vulnerability. In this post I found a service in Facebook which makes HTTP calls to a user supplied URI; call it A. This…

Whoami and What is This Blog About

My name is Dhaval, and I am currently working at a cryptocurrency exchange while being a bug bounty participant since 2013. I have maintained prominent ranks in the programs of Facebook and Yahoo in 2014 and 2015, while currently I am focusing my time on being an SRT member at Synack. I…