Single post
jump to replies
Some things never change
8 replies
back to top
@joern You forgot `<script>alert(1)</script>` :)
@freddy I prefer server side vulns
@joern @freddy the best of both worlds with <img src=x onerror=‘alert(1);"$(reboot)"’> #bugbountytips #hackermillionaire
@joern I think the log file where you find the three is missing, like: tail -f /var/log/nginx/access.log ;-)
@joern Oh, those are easy to block.
Been doing that for four years now. About 35K blocked IP addresses in my database and hardly ever a customer who complains about being blocked.
Once or twice a student who thought they could use our website for trying out the SQL injection they learned about at school… 🤣
We talk with those. But otherwise a lot of garbage that doesn’t get a chance anymore… #bye
@joern Relevant xkcd cartoon.
@joern what's the middle one, shell injection?
@Gaelan yes!