Erroneous Knowledge

Yelp uses there own flavor of GraphQL with a UI site generator called CHAOS. GraphQL has Denial Of Service attacks with long queries but Yelp does not reward DOS attacks and requests that bug bounty hunters do not flood the API with them. They use batch queries to the API with cryptic looking large cookies that detail user location by coordinates. The cookies are large with a key-value format. They use data dome against bots so the web application firewall picks up whether there is a proxy being used denying access to the website depending on whether you use the Burp Suite chromium browser. I have only come across loading issues when proxying through fire fox and haven not been denied. Yelp uses cookielaw CDN and also has its own yelp CDN which means there could be vulnerabilities with caching and web cache deception or web cache poisoning the kind of attacks that are hard to produce but I should research further. Because they have their own CDN means it might still be in scope of ...

Deconstructing www.yelp.com is harrowing. They use Pyramid which is a python framework. They have their own internal CDN (yelpcdn) as well as using an external CDN with fastly. They have their own flavor of GraphQL that uses their homemade Server Driven UI called CHAOS that integrates with their flavor of GraphQL throughout their mobile app and maintains backwards compatibility with other services. It is a microservices house. Burp Proxy says they also use cookielaw.cdn and they batch their GraphQL api calls all in one go initially on loading the webpage. I learned a bit about GraphQL but they are an extremely hardened target with a company that has been around since 2004. I figured I try my luck with some basic cross side scripting on a vendor login form field but no luck. I got any api endpoint that I tried fuzzing with ffuf but no luck I got a bunch of 403's. I don't know what else to do but keep exploring the site and learning about GraphQL. There is a whole host of GraphQL...

Citadelo Blog on leaking IP's This is a website with a great write up about finding web server's actual IP's behind reverse proxies like cloudflare. Extremely informative and devious because it explains all the attack vectors well. I got to get better at XML External Entity vulnerabilities so I can leak IP's on applications that use XML through the Document Type Definition (DTD). Festina Lente.

Studying Perl5 was a solitary pursuit. The language has nearly died after its prominence in the early 20's and late 90's. Though it is still maintained it seems like a dead language compared to other languages with more activity. I liked its arcane abstruse syntax and the hundreds of switches or flags that were possible. You could write really obfsucated stuff but it never amounted to much for myself. I never wrote anything impactful in Perl5 just more searching for programming trivia off of the websites like www.perlmonks.com. Maybe if I had gotten into bioinformatics then Perl5 skills could really shine. I never used Perl5 in Linux Administration which is the last vestigial trace you can find Perl5 scripts still in use. I took a gander of Perl6 which is called Raku now and that was a truly modern programming language with language constructs ahead of its time. With the passing of Larry Wall I imagine the vision of Raku still lives in some form. What do I know? I was no code n...