joernchen 
.
@joern,
Some things never change
joernchen
.
@joern,
Gaelan Steele
.
@Gaelan, @cathode.church
@joern what's the middle one, shell injection?
joernchen
.
@joern,
@Gaelan yes!
0xD34DF15h
.
@0xD34DF15h, @mstdn.social
@joern Relevant xkcd cartoon.
Fubaroque
.
@fubaroque, @mastodon.social
@joern Oh, those are easy to block.
Been doing that for four years now. About 35K blocked IP addresses in my database and hardly ever a customer who complains about being blocked.
Once or twice a student who thought they could use our website for trying out the SQL injection they learned about at school… 🤣
We talk with those. But otherwise a lot of garbage that doesn’t get a chance anymore… #bye
Chris 
.
@totenlegionChris, @metalhead.club
@joern I think the log file where you find the three is missing, like: tail -f /var/log/nginx/access.log ;-)
Frederik Braun �
.
@freddy, @security.plumbing
@joern You forgot `<script>alert(1)</script>` :)
joernchen
.
@joern,
@freddy I prefer server side vulns
~swapgs
.
@swapgs, @infosec.exchange
@joern @freddy the best of both worlds with <img src=x onerror=‘alert(1);"$(reboot)"’> #bugbountytips #hackermillionaire