THREATOPS
THREAT OPSThreat News › Concealing payloads in URL credentials

Concealing payloads in URL credentials

infoportswigger_researchPublished 2024-10-23

Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL . This was fascinating to me especially because the payload is not actually visible in the URL in

MITRE ATT&CK techniques

Original source: https://portswigger.net/research/concealing-payloads-in-url-credentials