abdilahrf
abdilahrf.bsky.social
CTF / Bugbounty / Web Guy
Reposted by abdilahrf
Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10...
Top 10 web hacking techniques of 2024
Welcome to the community vote for the Top 10 Web Hacking Techniques of 2024.
portswigger.net
January 15, 2025 at 3:24 PM
Reposted by abdilahrf
TIL that the recent Ivanti ImportXML vulnerability is a second-order XXE, where the payload must be enclosed in the CDATA section of a SOAP request 🦾
CVE-2024-37397 - Ivanti Endpoint Manager XXE Vulnerability
This blog provides an in-depth analysis of the exploitation process for an unauthenticated XXE vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397.
d4mianwayne.github.io
December 15, 2024 at 12:00 PM
Reposted by abdilahrf
Slow race condition but 11 chars! terjanq.me/solutions/jo... Let me know if that works for you. With that, time to stop 😅
11 char with open()
terjanq.me
December 13, 2024 at 8:34 PM
Reposted by abdilahrf
In case you missed it... the DEF CON video of my talk 'Splitting the Email Atom' is finally here! 🚀 Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Don't miss it:

youtu.be/JERBqoTllaE?...
DEF CON 32 - Splitting the email atom exploiting parsers to bypass access controls - Gareth Heyes
YouTube video by DEFCONConference
youtu.be
November 22, 2024 at 7:27 AM
Reposted by abdilahrf
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write-up and exploit script here: assetnote.io/resources/re...
November 22, 2024 at 5:50 AM