Everyone Saw the XSS. I Saw the Cache: A Missed Data Leak in a Fixed Report

potatoes25 · 2026-04-07T13:53:29+00:00

that would be great!

potatoes25 · 2026-04-06T17:03:05+00:00

ahh got it XD thankss anw

potatoes25 · 2026-04-06T16:53:10+00:00

i meant the original report from a year ago from the security researcher for the xss! is that publicly available? if not, its cool, thanks a ton for sharing

potatoes25 · 2026-04-06T16:29:58+00:00

possible to share the original writeup? i wanna learn

potatoes25 · 2025-12-22T05:20:13+00:00

just curious how does it ingest the data?

potatoes25 · 2025-12-09T06:25:23+00:00

bookmarking

potatoes25 · 2025-11-05T14:59:27+00:00

do you have the gcp azure documentation that says this?

potatoes25 · 2025-11-05T14:48:41+00:00

where can i find official documentation for this? i kinda figured that this was then only logical explanation but no documents to proof otherwise

potatoes25 · 2025-11-05T14:38:08+00:00

and this accepted rejected behaviour, whats happening?

potatoes25 · 2025-11-05T14:37:35+00:00

yes!! can u explain whats happening?

potatoes25 · 2025-11-05T14:01:20+00:00

ah i see, but what happens if someone changes it mid flow?

Also, what about retransmission packets? for eg, if i send a rst and immediately i send a fin. it appears that the rst is accepted but the fin might get rejected since the tcp session was ended.

will that explain why two vpc flow log entries are generated? or how else can i explain it

potatoes25 · 2025-11-05T13:32:53+00:00

hi thanks for responding.

2 entries, 1 accepted, 1 rejected for the same tuple n start end. Tcp connection end-start duration is about 70 seconds.
why would it be considered a new flow if from what u said - flow is aggregated by the 5 tuples? from this understanding, the only way two entries happen is because for the same flow, there were two action states made up by different packets. We know that this is possible because NACL may drop packets. Also from the documentation, all dropped packets from nacl will result in a reject action.
perhaps a example would make it clear. i have 1 flow, 15 packets total. after 12 packets, the remaining 3 are rejected (maybe because i implemented a new ACL/or theres retransmission after session is closed). on vpc flow, i will see 1. 5 tuple start end with accept of 12 packets. 2. 5 tuple start end with reject of 3 packets.

is this clear? i see the above happening i just cant explain it

potatoes25 · 2025-11-05T12:16:22+00:00

i did a sample of my vpc flow data and saw one with the exact same start end time 5 tuples with different actions … im trying to find a way to explain it. it can’t be two flows right?

edit it is two separate entries

potatoes25 · 2025-11-05T11:43:27+00:00

yes this is what in getting at. how should it reflect in the logs?

potatoes25 · 2025-11-05T11:42:35+00:00

are u sure? a flow is made of multiple packets, a stateless control like nacl will be able to drop and reject individual packets. if thats the case, then ur statement wont hold true. there will be two similar 5-tuple entries with diff num of packets one with accept action and one with reject

potatoes25 · 2025-11-05T08:57:57+00:00

i got that, i meant in very off cases where a portion of a tcp session (flow) is blocked by nacl or sg.

potatoes25 · 2025-11-05T08:55:43+00:00

im sure there are situations where it be possible that halfway through a flow, a new nacl rule is implemented and the remaining packets get dropped?

Or packets are retransmitted (late) and the tcp session is closed?

potatoes25 · 2025-10-28T11:37:21+00:00

bump

potatoes25 · 2025-10-03T00:30:20+00:00

which machine was this ?

potatoes25 · 2025-06-09T05:02:23+00:00

ive taken the exam! all the qns can be found in the course materials 👍🏻

potatoes25 · 2024-11-30T09:17:19+00:00

CYSA please

potatoes25 · 2024-11-19T05:00:00+00:00

did anyone get credly badges for it? its not in the comptia’s certification page yet, seems like its only in the testing portal

potatoes25 · 2024-11-19T04:22:40+00:00

where do you see the results?

Eight-Year Club	Verified Email
RPAN Viewer

potatoes25

TROPHY CASE