Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-26 06:30:37 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting-web/xss-cross-site-scripting/sniff-leak.md

38 lines
2.8 KiB
Markdown
Raw Normal View History

GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
# Sniff Leak
<details>
arte
2024-01-01 17:15:42 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
arte
2024-01-01 17:15:42 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
arte
2024-01-01 17:15:42 +00:00
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
a
2024-02-09 00:38:08 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
arte
2024-01-01 17:15:42 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
</details>
## Leak script content by converting it to UTF16
[**This writeup**](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#modernism21-solves) leaks a text/plain because there is no `X-Content-Type-Options: nosniff` header by adding some initial characters that will make javascript think that the content is in UTF-16 so th script doesn't breaks.
## Leak script content by treating it as an ICO
[**The next writeup**](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#precisionism3-solves) leaks the script content by loading it as if it was an ICO image accessing the `width` parameter.
<details>
arte
2024-01-01 17:15:42 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
arte
2024-01-01 17:15:42 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
arte
2024-01-01 17:15:42 +00:00
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
a
2024-02-09 00:38:08 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
arte
2024-01-01 17:15:42 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
</details>
Reference in a new issue Copy permalink