Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities

https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/ 불러오는 중입니다... 세미콜론을 이용해서 Custom Filter를 우회, json에서 NULL byte로 WAF 우회 너무 아름답다..

→2019. 3. 28. 10:24

Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities

티스토리툴바