Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10...
15.01.2025 15:24 β π 24 π 8 π¬ 0 π 7
Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10...
15.01.2025 15:24 β π 24 π 8 π¬ 0 π 7Use golden goose until its not golden π€£π
14.01.2025 03:16 β π 1 π 0 π¬ 0 π 0TIL that the recent Ivanti ImportXML vulnerability is a second-order XXE, where the payload must be enclosed in the CDATA section of a SOAP request π¦Ύ
15.12.2024 12:00 β π 14 π 4 π¬ 0 π 0Slow race condition but 11 chars! terjanq.me/solutions/jo... Let me know if that works for you. With that, time to stop π
13.12.2024 20:34 β π 5 π 1 π¬ 0 π 0
In case you missed it...the DEF CON video of my talk 'Splitting the Email Atom' is finally here! π Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Donβt miss it:
youtu.be/JERBqoTllaE?...
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...