theMiddle
meninthemiddle.bsky.social
Rev3rse Security, SicuraNext
What if you could influence an LLM's output not by breaking its rules, but by bending its probabilities?

Using logprobs and token distribution visualizations, we reveal how prompts can be carefully crafted to guide the model’s behavior.

blog.sicuranext.com/influencing-...
Influencing LLM Output using logprobs and Token Distribution
What if you could influence an LLM's output not by breaking its rules, but by bending its probabilities? In this deep-dive, we explore how small changes in user input (down to a single token) can shif...
blog.sicuranext.com
June 12, 2025 at 2:10 PM
Ciao! If you enjoyed our latest research on the SicuraNext blog, you can vote for it in the Top 10 Web Hacking Techniques!
portswigger.net/polls/top-10-w…

- Breaking Down Multipart Parsers: File upload validation bypass
- Response Filter Denial of Service (RFDoS)

❤️
January 17, 2025 at 5:57 PM
👋🏻 Bluesky! I'm going to repost here my research about RFDoS "Response Filter Denial of Service: shut down a website by triggering WAF rules" blog.sicuranext.com/response-fil...
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE i...
blog.sicuranext.com
December 12, 2024 at 12:20 AM
My last research about how to break multipart/form-data parsers on HTTP file upload blog.sicuranext.com/breaking-dow...
Breaking Down Multipart Parsers: File upload validation bypass
TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass va...
blog.sicuranext.com
November 23, 2024 at 11:13 PM