Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) – Assetnote
TL;DR Jira is vulnerable to SSRF which requires authentication to exploit. There are multiple ways to create user accounts on Jira in order to exploit…
tl;dr No, of course, you don’t want to create a vulnerable JSON API. So when using Json.NET: Don’t use another TypeNameHandling setting than the default:…
This post is the 4th and final part of a series giving an overview of the most useful iOS app pentesting tools. We will start with…
HackerOne bug report to GitLab: GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the DOCKER_AUTH_CONFIG build variable. Injected…
We’re pleased to present the latest quarterly review and analysis of API vulnerabilities and exploits. This time, we’re going to split our discussion into two…
Building a secure application in five steps | Security Simplified
TomNomNom makes a digital VU meter with HTML canvas
Hey there, I hope you’ve been doing well! Coffee Snobs Aficionados I’m not a big coffee person, but it seems like being into coffee is…
I AM GIVING AWAY A CHROMEBOOK – 100k Twitter GiveAway
8x8 disclosed a bug submitted by shriyanss: https://hackerone.com/reports/1825472
Solving the Pickle Rick CTF
How to disable data persistence on Ubuntu using overlayroot