Plenum
@plenumlab.bsky.social
Mostly crushing it, basically everyday
A while back i wrote a blog post about a deserialization issue in XMLRPC in ruby
medium.com/bugbountywri...
medium.com/bugbountywri...
Identifying and Exploiting Unsafe Deserialization in Ruby
Introduction
medium.com
November 21, 2024 at 7:46 PM
A while back i wrote a blog post about a deserialization issue in XMLRPC in ruby
medium.com/bugbountywri...
medium.com/bugbountywri...
Reposted by Plenum
Reposting my evergreens.🎄
Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on honoki.net/2018/12/12/f...
#bugbounty #writeup #xxe #ssrf
Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on honoki.net/2018/12/12/f...
#bugbounty #writeup #xxe #ssrf
November 20, 2024 at 8:30 AM
Reposting my evergreens.🎄
Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on honoki.net/2018/12/12/f...
#bugbounty #writeup #xxe #ssrf
Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on honoki.net/2018/12/12/f...
#bugbounty #writeup #xxe #ssrf