Intigriti XSS Challenge - August 2021 - A venture into prototype pollution

When I started the challenge, I was greeted with this: Hovering over the links, I noticed that the links contained a recipe parameter. So, I opened the link in a new tab. Clearly the parameter was being processed somewhere, so figuring out where it was taking place was important. In…

GitHub Dorking for sensitive information

I consider myself, in my infinite laziness, to be primarily an information disclosure-oriented hunter. This is, of course, subject to change, but due to work commitments and whatnot, this is what I am at this moment in time. The most effective method of finding info disclosure bugs is arguably dorking.…

Trellodorker - Trello Dorking Tool

Trello is a nice website owned by Atlassian. It lets you create "boards" which contain "cards". Tasks can be moved between cards. It's a great system for keeping track of things. You can configure boards to be public or private. This is where the problems start. Jimmy is impatient. He…

Stored XSS on the DuckDuckGo search results page

This XSS was accidental. For whatever reason, I was messing about with the search bar, putting various payloads into it without expecting to find anything. So eventually, I put the following payload into the search bar: "><img src=x> And of course, nothing happened. But something caught…

On Apache Flink dashboards

I've recently come across an interesting misconfiguration. This is regarding Apache Flink. What is Flink? Flink is a framework for processing data streams. It runs on port 8081 by default. What are data streams? Re the Flink documentation: Any kind of data is produced as a stream of events. Credit…