Profile picture
Alex Birsan @alxbrsn
, 11 tweets, 2 min read Read on Twitter
This would be so cool to read if I wasn't HALFWAY THROUGH DOING MY OWN WRITEUP ABOUT THE EXACT SAME THING.

gosecure.net/2018/04/03/bey…
I am so salty right now
Anyway, just gonna dump any stuff I found that's not covered in that article here
1. Much easier and straight-forward way to bypass XSS auditors and WAFs is by adding <!--esi--> whenever needed:

<scr<!--esi-->ipt>aler<!--esi-->t(1)</sc<!--esi-->ript>
2. If he<!--esi-->llo turns into hello but he<!--esx-->llo isn't modified you have ESI injection
3. Akamai, by design, lets you do some pretty cool stuff. You can modify headers to flip the content-type of the current request to turn any endpoint into XSS. You can also steal cookies even if the victim doesn't have javascript on.
Go read Akamai's developer guide for all the crazy stuff you can do with ESII akamai.com/cn/zh/multimed…
(response code too if you need an external redirect)
4. If you got blind ESII but want to see the "source code" Akamai provides a way to pivot:

<esi:include src="/anypage.html" dca="none" />

(dca=none tells it to ignore ESI directives on the included page)
That's about it. Weeks of research into a couple of tweets
Oh and how could I forget. Akamai and Oracle *both* let you craft POST requests with custom headers and body. CSRF but on the edge server. ESRF.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Alex Birsan
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Right. One executive at Facebook is the exact same thing as the majority of executives, producers, journalists or hosts at NBC, MSNBC, CBS, ABC, CNN, Wash Post, NY Times, LA Times, Chicago Tribune, Boston Globe or (drum roll) Twitter.
The problem with today’s media is it just placates too many conservatives. JFC...
Today’s media is so bending over backwards for conservatives that not a single major network or media outlet has hired a single Weekly Standard contributor they lamented at losing so much
Read 3 tweets
Profile picture
Right now wrestling fans are going "hurr hurr, wait until the normies find out why David Arquette is trending" but jokes on them because I'm old enough to remember when he married Courtney Cox so if they think this is capable of shocking me they are sorely mistaken.

(CN: blood.)
wrestling fans: HE GOT HIS JUGULAR SLICED OPEN WITH A FLUORESCENT LIGHT BULB!

me: See, she was Monica on friends, and
The man survived four Scream movies, when his character was supposed to die in number one. You think Nick Gage can kill him when Wes Craven couldn't?
Read 17 tweets
Profile picture
I keep thinking back to a discussion a few months on reddit about THE BELGARIAD. Several comments were made about it being cliche and pedestrian, and someone said, “Yeah, it’s a fine story, but it’s never going to be a classic.”
And all I could think to respond was, “It’s over thirty years later and we’re still talking about it. How is that NOT ‘a classic’?
But that got me thinking- I cite THE BELGARIAD (and THE MALLOREON, its sequel series) as one of my influential works. But what is that influence? I know I’ve read the whole series several times. My copies of the books are in terrible shape.
Read 1054 tweets
Profile picture
So, it's about time I finally did it. Join me as I play Thief: The Dark Project; I've never got further than The Sword before. Thanks to the No Spiders mod from @adurdin I hope to actually finish it this time. #ThiefTDP
I'll be playing Thief Gold. I have multiple copies of The Dark Project but they'd require me to dig through boxes to find. Thief Gold is the only one reliably available online. I am reserving the right to level skip past the Thieves Guild, though. #ThiefTDP
I'll be using the New Dark version, but sticking to a 4:3 aspect ratio. #ThiefTDP
Read 639 tweets
Profile picture
Damon gets the sudden urge to check to phone and demands Katherine give it back to him. YESSS READ YOUR DAMN MESSAGES. Its like he got this feeling something wasn't right
"You are going to get yourself killed. The Damon I remember wouldn't have been that stupid."
"I wouldn't have done it for you."
AAGSHD he will risk to life for Elena. We all been knew. But truthfully, he would have for Kat too. He did and he died in 1864.
He wouldn't do it for Katherine NOW, obviously.
Read 1273 tweets
Profile picture
I can't with this guy...but interestingly, he's also revealing a lot with each one of these interviews.

Why not just go speak to the Grand Jury? Clearly, it's not about avoiding spending more time talking about the investigation and your experience...

He can't help himself..
#NOW: SAM NUNBERG says he was told he wasn't a target or a subject of the investigation and he was OFFERED IMMUNITY by the Special Counsel's team.

He also said THEY WANT HIM TO TESTIFY...TO CATCH ROGER STONE ON PERJURY...

ADMITTING THAT ROGER MAY HAVE LIED TO PROSECUTORS.
#LOL: Save this one...

SAM NUNBERG: "I'M NOT GOING TO JAIL, COME ON."
Read 5 tweets

Trending hashtags

#EduColor #Lutyens #BreaktheLie #IllicitHeritage #Dishonored #TweetThread #CulturalCleansing #unroll #Chicago #Brexit #brexit #FLAG #savethe8th #Haqqani #DarkWeb #FamiliesBelongTogether #NOW #MAGAs #The100 #brexti #REMARKABLE #Hitman #trump #cryptocurrency #HeritageCrimes

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!