Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.
This article is a great example why you should use your own router instead of ISP provided one
It doesn’t matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way
There wasn’t a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn’t check who is actually authenticated)
It doesn’t matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way
There wasn’t a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn’t check who is actually authenticated)