Plug Security Holes in React Apps That Can Lead to API Exploitation
Writing Burp Bambda Filters Like a Boss
Security Vulnerabilities in CasaOS
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
Escalating Privileges With SSRF
How I was able to get account takeover via IDOR form JWT
What is kong & why we’re relying on it
Privilege Escalations through Integrations
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR
Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover
GitHub Security Lab audited DataHub: Here’s what they found
Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise
Hacking our way into internal DBs with hardcoded authentication keys
Authentication Bypass in Izanami Docker image 1.10.22 CVE-2023-22495
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
Exploits Explained: 5 Unusual Authentication Bypass Techniques
ASP.NET Boilerplate Multiple Vulnerabilities
Hacking into the worldwide Jacuzzi SmartTub network
Eye for an eye: Unusual single click JWT token takeover
Each and every request make sense…
Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers
Unauthorized access to all the user’s account.
5 Ways to do Account Takeover in a Single Website