Sim4n6 @ Security Bug Focus 🐞
@sim4n6.bsky.social
If the server-side relies on the browser's incoming Content-Type as a #CSRF protection, you can omit the CT entirely using a Blob object as a fetch() body to perform the state-changing operation, and if #CORS is permitted, leak the unleakable.
nastystereo.com/security/cr... #BugBounty
nastystereo.com/security/cr... #BugBounty
October 20, 2025 at 11:00 AM
If the server-side relies on the browser's incoming Content-Type as a #CSRF protection, you can omit the CT entirely using a Blob object as a fetch() body to perform the state-changing operation, and if #CORS is permitted, leak the unleakable.
nastystereo.com/security/cr... #BugBounty
nastystereo.com/security/cr... #BugBounty
Changed my mind...
June 8, 2025 at 6:11 PM
Changed my mind...
A nice and a sunny day 🌞
June 8, 2025 at 12:01 PM
A nice and a sunny day 🌞
/proc/self/cwd/ is a symlink pointing to the current working directory of the process that is accessing it ... Never lose sight of the process's CWD and what underneath again 🫡
April 18, 2025 at 6:53 AM
/proc/self/cwd/ is a symlink pointing to the current working directory of the process that is accessing it ... Never lose sight of the process's CWD and what underneath again 🫡
I hate this unilateral company emailing approach! In sum, you have the right to send me a message and I can't do the same, And reply, WTH?
✌🏼 Hello@ rocks 🥊
✌🏼 Hello@ rocks 🥊
April 16, 2025 at 10:43 AM
I hate this unilateral company emailing approach! In sum, you have the right to send me a message and I can't do the same, And reply, WTH?
✌🏼 Hello@ rocks 🥊
✌🏼 Hello@ rocks 🥊
You were supposed to destroy them, you were the chosen one !
March 26, 2025 at 11:28 PM
You were supposed to destroy them, you were the chosen one !
Hurry and kill. The waiting to. Celebrate 🎉 ego. I. Me
March 5, 2025 at 8:24 PM
Hurry and kill. The waiting to. Celebrate 🎉 ego. I. Me
@boredabdel.bsky.social master, can you give us advices regarding the pace and speed of running
January 9, 2025 at 9:25 AM
@boredabdel.bsky.social master, can you give us advices regarding the pace and speed of running
Seriously @hacker0x01.bsky.social do I look to be a joke to yaa, I saw others as security leopard 🐆 or at least a fox 🦊 not that, for the review of a whole year!!!
December 17, 2024 at 8:08 AM
Seriously @hacker0x01.bsky.social do I look to be a joke to yaa, I saw others as security leopard 🐆 or at least a fox 🦊 not that, for the review of a whole year!!!
Minutes ago...
December 16, 2024 at 1:36 PM
Minutes ago...