Category: Mix

Reflected XSS at fotoservice.hema.nl | by Jonathan Bouman
16
Mar
2023

Reflected XSS at fotoservice.hema.nl | by Jonathan Bouman

Proof of concept. Above the browser. Below a private slack channel displaying the credentials. BackgroundReflected XSS bugs are great fun…

Open Sesame: Escalating Open Redirect to RCE With Electron Code Review | by Eugene Lim | The Startup
16
Mar
2023

Open Sesame: Escalating Open Redirect to RCE With Electron Code Review | by Eugene Lim | The Startup

For better or worse, Node.js has rocketed up the developer popularity charts. Thanks to frameworks like React, React Native, and…

Chains on Chains: Chaining multiple low-level vulns into a Critical. | by Daniel Marte
16
Mar
2023

Chains on Chains: Chaining multiple low-level vulns into a Critical. | by Daniel Marte

Hello! Hope all is well. I know it has been a while since my last writeup! Just a quick little…

Week 3: Real Talk on Real Numbers | by d0nut | d0nut reads
16
Mar
2023

Week 3: Real Talk on Real Numbers | by d0nut | d0nut reads

A really fancy paint by numbers.. err, maybe it was a safari for finding different kinds of numbers? In continuation…

Piercing the Veil: Server Side Request Forgery to NIPRNet access | by Alyssa Herrera
16
Mar
2023

Piercing the Veil: Server Side Request Forgery to NIPRNet access | by Alyssa Herrera

During my reconnaissance of military websites as part of the Department of Defense’s vulnerability disclosure, I noticed two particular websites…

The Bug That Exposed Your PayPal Password
16
Mar
2023

The Bug That Exposed Your PayPal Password

And Credit Card Number Too Continue reading on Medium » Source link

HOW DID THIS HAPPEN!? (13370822 LHE VLOG)
16
Mar
2023

HOW DID THIS HAPPEN!? (13370822 LHE VLOG)

HOW DID THIS HAPPEN!? (13370822 LHE VLOG) Source link

Amazon SNS A2A Fanout Pattern
16
Mar
2023

Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl

Note: This is the “text notes” version of my DEF CON 30 Cloud Village Lightning Talk. The talk was not…

For the better right
16
Mar
2023

Unauthenticated Remote Code Execution against CommVault Command Center

When Justin Kennedy and Brandon Perry asked me if I was interested in performing a little audit together, I couldn’t…

Expanding the Attack Surface: React Native Android Applications
16
Mar
2023

Expanding the Attack Surface: React Native Android Applications

window.location.replace(“https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/”); You can find this blog post on Assetnote’s blog. Source link

Using Burp Suite match and replace settings to escalate your user privileges and find hidden features
16
Mar
2023

Using Burp Suite match and replace settings to escalate your user privileges and find hidden features

On May 14th, Lew Cirne, the CEO of New Relic, announced a new platform called New Relic One. The platform,…

Hacking Chess.com and Accessing 50 Million Customer Records
16
Mar
2023

Hacking Chess.com and Accessing 50 Million Customer Records

To preface: the bug we found here is really simple. The interesting thing here is the impact of the vulnerability…