r3v1r13 retweeted
I just found the coolest CSP bypass ever! Did you know that a valid PDF can ALSO be valid JavaScript? (details below)
r3v1r13 retweeted
Want to master client-side bugs? 😎 Check out this extensive GitHub repository with tens of different resources curated by @zomasec! 🔗 github.com/zomasec/client-si…
r3v1r13 retweeted
Hidden parameters can lead to all sorts of vulnerabilities, from XSS to SQLi and potentially even command injections! 🤑 But they are also quite hard to find... 😓 In our latest article, we documented 5 methods to find hidden input parameters in API endpoints & app routes, including some interesting and advanced cases! 😎 Read the article now! 👇 intigriti.com/researchers/bl…
r3v1r13 retweeted
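No followers, no reposts, no views 😭 I think I've figured Macron out: posts with a URL don't get pushed. On a whim I took apart an iPhone 4 and turned it into a commemorative picture frame. Consider it a New Year's gift for all you cuties. Follow my social accounts (on Bilibili, please also like, coin and favorite + follow, meow), then retweet this tweet to enter the giveaway. The giveaway results will be announced on January 19 at 12:00; see the next post for how the drawing works. It will be livestreamed. #ESeven七仔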