abdilahrf

Top 10 web hacking techniques of 2024 Welcome to the community vote for the Top 10 Web Hacking Techniques of 2024.

Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10...

15.01.2025 15:24 — 👍 24    🔁 8    💬 0    📌 7

Use golden goose until its not golden 🤣😁

14.01.2025 03:16 — 👍 1    🔁 0    💬 0    📌 0

CVE 2024-37397 - Ivanti Endpoint Manager XXE Vulnerability This blog provides an in-depth analysis of the exploitation process for an unauthenticated XXE vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397.

TIL that the recent Ivanti ImportXML vulnerability is a second-order XXE, where the payload must be enclosed in the CDATA section of a SOAP request 🦾

15.12.2024 12:00 — 👍 14    🔁 4    💬 0    📌 1

11 char with open()

Slow race condition but 11 chars! terjanq.me/solutions/jo... Let me know if that works for you. With that, time to stop 😅

13.12.2024 20:34 — 👍 5    🔁 1    💬 0    📌 0

In case you missed it...the DEF CON video of my talk 'Splitting the Email Atom' is finally here! 🚀 Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Don’t miss it:

youtu.be/JERBqoTllaE?...

22.11.2024 07:27 — 👍 97    🔁 30    💬 2    📌 0

Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...

22.11.2024 05:50 — 👍 51    🔁 25    💬 1    📌 0