hacktricks/pentesting-web/xss-cross-site-scripting/sniff-leak.md

# Curenje snimka

<details>

<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Drugi načini podrške HackTricks-u:

* Ako želite da vidite **vašu kompaniju reklamiranu na HackTricks-u** ili **preuzmete HackTricks u PDF formatu** proverite [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Otkrijte [**The PEASS Family**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili nas **pratite** na **Twitter-u** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

</details>

## Curenje sadržaja skripte konvertovanjem u UTF16

[**Ovaj writeup**](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#modernism21-solves) curi text/plain jer ne postoji `X-Content-Type-Options: nosniff` zaglavlje dodavanjem nekih početnih karaktera koji će naterati JavaScript da misli da je sadržaj u UTF-16 tako da skripta ne pukne.

## Curenje sadržaja skripte tretiranjem kao ICO

[**Sledeći writeup**](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#precisionism3-solves) curi sadržaj skripte učitavajući je kao da je ICO slika pristupajući parametru `width`.

<details>

<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Drugi načini podrške HackTricks-u:

* Ako želite da vidite **vašu kompaniju reklamiranu na HackTricks-u** ili **preuzmete HackTricks u PDF formatu** proverite [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Otkrijte [**The PEASS Family**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili nas **pratite** na **Twitter-u** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

</details>
Translated to Serbian 2024-02-10 13:11:20 +00:00			`# Curenje snimka`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`<details>`

Translated to Serbian 2024-02-10 13:11:20 +00:00			`<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`Drugi načini podrške HackTricks-u:`
arte 2024-01-01 17:15:42 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`* Ako želite da vidite vašu kompaniju reklamiranu na HackTricks-u ili preuzmete HackTricks u PDF formatu proverite [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
			`* Nabavite [zvanični PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Otkrijte [The PEASS Family](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [NFT-ova](https://opensea.io/collection/the-peass-family)`
			`* Pridružite se 💬 [Discord grupi](https://discord.gg/hRep4RUj7f) ili [telegram grupi](https://t.me/peass) ili nas pratite na Twitter-u 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Podelite svoje hakovanje trikove slanjem PR-ova na [HackTricks](https://github.com/carlospolop/hacktricks) i [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`</details>`

Translated to Serbian 2024-02-10 13:11:20 +00:00			`## Curenje sadržaja skripte konvertovanjem u UTF16`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			[Ovaj writeup](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#modernism21-solves) curi text/plain jer ne postoji `X-Content-Type-Options: nosniff` zaglavlje dodavanjem nekih početnih karaktera koji će naterati JavaScript da misli da je sadržaj u UTF-16 tako da skripta ne pukne.
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`## Curenje sadržaja skripte tretiranjem kao ICO`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			[Sledeći writeup](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#precisionism3-solves) curi sadržaj skripte učitavajući je kao da je ICO slika pristupajući parametru `width`.
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`<details>`

Translated to Serbian 2024-02-10 13:11:20 +00:00			`<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`Drugi načini podrške HackTricks-u:`
arte 2024-01-01 17:15:42 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`* Ako želite da vidite vašu kompaniju reklamiranu na HackTricks-u ili preuzmete HackTricks u PDF formatu proverite [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
			`* Nabavite [zvanični PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Otkrijte [The PEASS Family](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [NFT-ova](https://opensea.io/collection/the-peass-family)`
			`* Pridružite se 💬 [Discord grupi](https://discord.gg/hRep4RUj7f) ili [telegram grupi](https://t.me/peass) ili nas pratite na Twitter-u 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Podelite svoje hakovanje trikove slanjem PR-ova na [HackTricks](https://github.com/carlospolop/hacktricks) i [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`</details>`