Enumeration risks in password managers
I’m not a LastPass user but this tweet from Sean Wright caught my attention. Just as I thought… LastPass considers...
Read more →Category: Mix
a Hacker’s Backdoor: Service Control Manager
a Hacker’s Backdoor: Service Control Manager Source link
Read more →
ToolTime – WayMore (Historical Content Discovery)
ToolTime – WayMore (Historical Content Discovery) Source link
Read more →Turning Self-XSS into Good-XSS – Jack
Now that the Uber bug bounty programme has launched publicly, I can publish some of my favourite submissions, which I’ve...
Read more →
FT 1000: Intigriti named in the Financial Times’ top 500 fastest-growing European companies
Intigriti was one of five Belgian companies to feature in the FT 1000 List of Europe’s Fastest Growing Companies. Intigriti,...
Read more →
limited freemarker ssti to arbitrary liql query and manage lithium cms
we faced (w/ @celalerdik) an interesting ssti vulnerability on a bugcrowd’s program. we could show the traditional ’49’ number when...
Read more →
Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough)
Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough) Source link
Read more →
OAuth and PostMessage
Tl;DR; An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers...
Read more →
How They Got Hacked Episode Fifty Nine 59
How They Got Hacked Episode Fifty Nine 59 Source link
Read more →
WILSON Cloud Respwnder – honoki
If you’re a Burp Suite user, you’ll be familiar with Burp Collaborator: a service that allows you to monitor out-of-band...
Read more →
SNI Injection
🔍 Introduction SNI SNI(Server Name Indication)은 TLS의 확장 기능으로 handshake 과정 초기에 클라이언트가 어떤 호스트에 접속하는지 서버에게 알리는 역할을 수행합니다....
Read more →