Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
CSRF Bypass Using Domain Confusion Leads To ATO
Vulnerabilities in Homepage Dashboard
AI Under Siege: Discovering and Exploiting Vulnerabilities
How Almost Sacrificing a University Group Project led to a Microsoft Bug Bounty
SSD Advisory – XenForo RCE Via CSRF
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
LedgerSMB – CVE-2024-23831: Privilege escalation through CSRF attack on “setup.pl”
The power of Client-Side Path Traversal: How I found and escalated 2 bugs through “../”
Multiple Vulnerabilities In Extreme Networks ExtremeXOS
Securing our home labs: Home Assistant code review
A web cache deception chained to a CSRF, the recipe
Technical Advisory: Vulnerabilities Identified within ListServ
Blog: OmniSpace, from automated 0day XSS to RCE
Bypassing Samesite Cookie Restrictions with Method Override
HTML Over the Wire
CSRFing VS Code's Debug Adapter Protocol
Multiple vulnerabilities on Chamilo 1.11.18
Multiple Vulnerabilities In Cockpit CMS <= V2.5.2
My first two valid and rewarded Web Cache Deceptions, earning $2250
A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…
Simple Bugs 0x01: Password Changing to Account Takeover!
Unveiling the Secrets: My Journey of Hacking Google’s OSS
Bypassing SameSite=lax cookie restrictions to preform CSRF resulting to a horizontal privilege escalation via poor email verification mechanism