Sniff Leak
leaks a text/plain response because there is no X-Content-Type-Options: nosniff header, by adding some initial characters that make JavaScript think the content is in UTF-16 so the script doesn't break.
leaks the script content by loading it as if it were an ICO image and accessing the width parameter.
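The first leak above depends on a text/plain response being served without X-Content-Type-Options: nosniff. As an added example (not code from the original page), this header audit applies the Fetch Standard's nosniff and script MIME-type checks and lists the non-script responses a browser would still hand to the JavaScript engine. It does not model the ICO image case, and the paths and headers in SAMPLE are constructed.

```javascript
// JavaScript MIME type essences from the WHATWG MIME Sniffing Standard.
const JS_MIME = new Set(["application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript", "text/ecmascript",
  "text/javascript", "text/javascript1.0", "text/javascript1.1",
  "text/javascript1.2", "text/javascript1.3", "text/javascript1.4",
  "text/javascript1.5", "text/jscript", "text/livescript",
  "text/x-ecmascript", "text/x-javascript"]);

// Header names are case-insensitive; repeated headers are joined with ", ".
function getHeader(headers, name) {
  const values = Object.entries(headers)
    .filter(([k]) => k.toLowerCase() === name)
    .flatMap(([, v]) => (Array.isArray(v) ? v : [v]));
  return values.length ? values.join(", ") : null;
}

// Fetch "determine nosniff": only the first comma-separated value counts.
function hasNosniff(headers) {
  const raw = getHeader(headers, "x-content-type-options");
  return raw !== null && raw.split(",")[0].trim().toLowerCase() === "nosniff";
}

// Would a <script src> pointing at this response reach the JS engine?
function auditResponse(path, headers) {
  const essence = (getHeader(headers, "content-type") || "")
    .split(";")[0].trim().toLowerCase();
  const nosniff = hasNosniff(headers);
  const isJs = JS_MIME.has(essence);
  // These types are blocked for script loads even without nosniff.
  const alwaysBlocked = /^(image|audio|video)\//.test(essence) || essence === "text/csv";
  const runsAsScript = isJs || (!nosniff && !alwaysBlocked);
  // "exposed" = not meant to be a script, yet loadable as one.
  return { path, essence, nosniff, exposed: runsAsScript && !isJs };
}

// Constructed sample responses (hypothetical paths, not from the page).
const SAMPLE = [
  ["/api/notes", { "Content-Type": "text/plain; charset=utf-8" }],
  ["/api/profile", { "content-type": "application/json", "X-Content-Type-Options": "nosniff" }],
  ["/static/app.js", { "Content-Type": "text/javascript", "X-Content-Type-Options": "nosniff" }],
  ["/export.csv", { "Content-Type": "text/csv" }],
  ["/legacy", { "Content-Type": "text/plain", "x-content-type-options": "foo, nosniff" }],
];

function exposedPaths(responses) {
  return responses.map(([p, h]) => auditResponse(p, h)).filter((r) => r.exposed).map((r) => r.path);
}

console.log(exposedPaths(SAMPLE));
```

The /legacy entry is flagged because only the first comma-separated value of the header is considered, so "foo, nosniff" does not enable the protection.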