Gal Nagli (@Naglinagli)

Title	Vulnerabilities	Programs	Authors
Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack	Subdomain Takeover Supply Chain Attack	GitHub	Gal Nagli (@Naglinagli)
Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT	AI LLM Web Cache Deception Account Takeover	OpenAI (ChatGPT)	Gal Nagli (@Naglinagli)
Hacking 6.5+ million websites => CVE-2022-29455 (Elementor)	XSS	Undisclosed	Rotem Bar (@Rotembar) Gal Nagli (@Naglinagli) Tomer Zait (@Realgam3)
Exploiting Redash instances with CVE-2021-41192	Privilege Escalation Session Management Issue SSRF	Undisclosed	Ian Carroll (@Iangcarroll) Tuan Anh Nguyen (@Haxor31337) Gal Nagli (@Naglinagli)
WordPress Plugin Confusion: How an update can get you pwned	Supply Chain Attack WordPress Plugin Confusion WordPress Theme Confusion	Undisclosed	Kamil Vavra (@Vavkamil) Gal Nagli (@Naglinagli)
Mass Assignment exploitation in the wild - Escalating privileges in style	Mass Assignment Privilege Escalation	Undisclosed	Gal Nagli (@Naglinagli)
Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough	Web Cache Poisoning Stored XSS	Undisclosed	Gal Nagli (@Naglinagli)
Broken Access Control on samsung.com subdomain leads to Mass Account Takeover of Samsung employees application accounts	Information Disclosure Account Takeover Broken Authorization	Samsung	Gal Nagli (@Naglinagli)
How i could take over any Account on a USA Department of Defense Website due to a simple IDOR	IDOR Account Takeover	U.S. Dept of Defense	Gal Nagli (@Naglinagli)

Page 1 of 1