hacktricks/pentesting-web/xss-cross-site-scripting/sniff-leak.md
Carlos Polop cfff5cc9a8 re
2024-12-14 12:46:15 +01:00

2.8 KiB

Sniff Leak

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Leak script content by converting it to UTF16

This writeup leaks a text/plain because there is no X-Content-Type-Options: nosniff header by adding some initial characters that will make javascript think that the content is in UTF-16 so th script doesn't breaks.

Leak script content by treating it as an ICO

The next writeup leaks the script content by loading it as if it was an ICO image accessing the width parameter.

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}