Hey folks,
Just published a write-up where I turned a blind XSS into Remote Code Execution , and the final step?
Injecting commands via Accept-Language header, parsed by a vulnerable PHP script.
No logs. No alert. Just clean shell access.
Would love to hear your thoughts or similar techniques you've seen!
🧠🛡️
https://is4curity.medium.com/from-blind-xss-to-rce-when-headers-became-my-terminal-d137d2c808a3
Click to Open Code Editor