Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10...
Use golden goose until its not golden π€£π
TIL that the recent Ivanti ImportXML vulnerability is a second-order XXE, where the payload must be enclosed in the CDATA section of a SOAP request π¦Ύ
Slow race condition but 11 chars! terjanq.me/solutions/jo... Let me know if that works for you. With that, time to stop π
In case you missed it...the DEF CON video of my talk 'Splitting the Email Atom' is finally here! π Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Donβt miss it:
youtu.be/JERBqoTllaE?...
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...
