Smuggling happens when:
- Frontend (proxy/load balancer) and
- Backend (app server)
disagree on request boundaries
Aravind Kumar SVG aravindkumarsvg
aravindkumarsvg
/ natas19.js
Created
June 1, 2026 13:17
OverTheWire natas 19 Solution. natas19 contains cookie manipulation vulnerability. This javascript based deno script contains the solution to obtain the password for natas20 by manipulating cookie
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Prerequisites: | |
| * | |
| * 1. Update the Basic Authorization value | |
| * 2. Install deno runtime - https://docs.deno.com/runtime/getting_started/installation/ | |
| * | |
| * Command: | |
| * | |
| * deno run --node-modules-dir=none --allow-net --allow-env natas19.js | |
| */ |
aravindkumarsvg
/ natas18.js
Created
June 1, 2026 12:32
OverTheWire natas 18 Solution. natas18 contains cookie manipulation vulnerability. This javascript based deno script contains the solution to obtain the password for natas19 by manipulating cookie
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Prerequisites: | |
| * | |
| * 1. Update the Basic Authorization value | |
| * 2. Install deno runtime - https://docs.deno.com/runtime/getting_started/installation/ | |
| * | |
| * Command: | |
| * | |
| * deno run --node-modules-dir=none --allow-net --allow-env natas18.js | |
| */ |
aravindkumarsvg
/ natas17.js
Created
June 1, 2026 10:24
OverTheWire natas 17 Solution. natas17 contains time based SQL Injection vulnerability. This javascript based deno script contains the solution to obtain the password for natas18 by manipulating time based SQL Injection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Prerequisites: | |
| * | |
| * 1. Update the Basic Authorization value | |
| * 2. Install deno runtime - https://docs.deno.com/runtime/getting_started/installation/ | |
| * | |
| * Command: | |
| * | |
| * deno run --node-modules-dir=none --allow-net --allow-env natas17.js | |
| */ |
aravindkumarsvg
/ natas16.js
Last active
May 27, 2026 13:27
OverTheWire natas 16 Solution. natas16 contains command injection vulnerability. This javascript based deno script contains the solution to obtain the password for natas17 by manipulating command injection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Prerequisites: | |
| * | |
| * 1. Update the Basic Authorization value | |
| * 2. Install deno runtime - https://docs.deno.com/runtime/getting_started/installation/ | |
| * | |
| * Command: | |
| * | |
| * deno run --node-modules-dir=auto --allow-net --allow-env natas16.js | |
| * |
aravindkumarsvg
/ http_request_smuggling_cheatsheet.md
Last active
May 2, 2026 08:26
HTTP Request Smuggling Cheatsheet
aravindkumarsvg
/ uri_delimiters_quirks.md
Created
April 17, 2026 12:55
URI Delimiters & Parsing Differences
aravindkumarsvg
/ Reflection_Introspection-Cheatsheet.md
Created
March 21, 2026 09:53
Reflection, Introspection - Cheatsheet
aravindkumarsvg
/ insecure_deserialization.md
Created
February 2, 2026 02:39
Insecure Deserialization
Insecure deserialization occurs when untrusted data is deserialized into objects, allowing attackers to abuse object lifecycle methods and existing code paths (gadgets) to trigger unintended behavior such as RCE.
Attackers inject object graphs, not code.
aravindkumarsvg
/ window_communication_cheatsheet.md
Last active
November 8, 2025 09:32
Various functionalities used in web for communications between windows, documents, contexts
Modern web applications often require communication between multiple browsing contexts — windows, iframes, tabs, popups, or even workers.
The browser provides several APIs for this, each suited for different scenarios.
NewerOlder