lostrabbitlabs

Bypassing the WAF and Exploiting Shadow VHosts

15.10.20 01:17 AM By Jimi Allee - Comment(s)
We will provide an introduction to our WisQuas Engine, share some of LRL‘s recent discoveries, and take a quick look at causing an internal Information Disclosure (through overflowing the Apache web service), and using this disclosure to access an unprovisioned Shadow VHost (Virtual Host).