Re @MrEquinox1 @h_ak_dis If this works, this would be an unintended solution. However, the balance doesn't seem to remain the same. If you withdraw ev... 2023-8-31 18:57:43 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

Re @Itselfutkarsh Tell us what you might do as an attacker or what you might send to withdraw some money 2023-8-31 14:28:12 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

Re @mk38101890 We use a single thread system. 2023-8-31 05:57:54 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

Re @Abdulla36287154 There is abs() so a negative number will turn to positive 2023-8-31 05:57:21 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

Can you find the vulnerability here? 10$ reward for first correct answer. 2023-8-31 00:18:12 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

OK, so why does this XSS work? Octagon Networks researchers discovered PHP servers drop any header if the header has "%0D". This means if attacker con... 2023-8-27 16:34:17 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

Re @Lonefighter27 Solution: https://octagon.net/chal/9.php?name=%3Cscript%20src=https://octagon.net/blog/wp-json/wp/v2/users/1?_jsonp=alert%3E%3C/scri... 2023-8-18 11:4:47 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

Solution: 49% of the internet suffer from a 0day CSP bypass because it runs WordPress at a directory or subdomain. Our blog too is WordPress at http:/... 2023-8-17 16:2:31 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com

Re Tip: Octagon Networks runs WordPress at http://octagon.net/blog - we talked about a 0day JSONP based CSP bypass on WordPress. 2023-8-15 21:22:42 | 阅读: 0 | 收藏 | Twitter @Octagon Networks - x.com