Java: setCharacterEncoding NOT affected by HTTP Response Splitting
<%String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";response.setCharacterEncoding(attacker_controlled_charset);%>
Bypassing referrer check with no script involved
No more to use scripting approach like https://github.com/knu/noreferrer This useful meta tag helps for CSRF POC preparation when you come across an application that checks referrer header: <meta name="referrer" content="no-referrer"> https://caniuse.com/#feat=referrer-policy
Comments
Post a Comment