tl;dr
- Notepad 1 - Use Set-Cookie header to get XSS on the Admin
- Notepad 1.5 - CRLF on the name parameter of Golang’s
Header().Set()
method - Notepad 2 - Xsleaks using
Timing-Allow-Origin
header
tl;dr
Header().Set()
methodTiming-Allow-Origin
headertl;dr
strncat
in merge
allows for an overwrite onto the next region tl;dr
/source
to get the sourcedev_test
using SSRFtl;dr
tl;dr
/verify_roles?role=supersuperuseruser\ud800","name":"admin
{"constructor":{"prototype":{"test":"123"}}}
in config-handlertl;dr
sha256('')
./api/flag
and send it to attacker server.tl;dr
tl;dr
tl;dr
tl;dr