Author Archives: Krysslk

Would a base64ed code work inside an images metadata? [closed]

Posted on February 4, 2023 by Krysslk

my target has a server that uses aspx possibly version 4.3 and i just found out that it has an image upload part. They have an image analyzer so it has to be an image file so i wonder if i could embed some sort of remote code execution scr… Continue reading Would a base64ed code work inside an images metadata? [closed]→

Posted in Asp.Net, remote code execution | Tagged Image

Accidentally locked an XSS vulnerable input

Posted on August 2, 2022 by Krysslk

On https://ais.osym.gov.tr/ I saw an XSS vulnerable input. I tried some payloads without malicious intent which only contained alerts or console logs. The code img \x00src=x onerror=alert(1) worked.

Now the problem is whenever I try to re… Continue reading Accidentally locked an XSS vulnerable input→

Posted in error-handling, input validation, javascript, json, xss