There’s a new article on Sonar Blog about exploiting a command injection in VS Code. While it’s fairly straightforward, I’d like to point your attention to these kinds of bugs - bugs in desktop applications that communicate locally with other tools, including the...
Hacking Techniques
Mass assignment vulnerabilities
Mass assignment is an authorization-related vulnerability class. It’s actually quite an easy one to understand and also to quickly search for in a big codebase. Mass assignment example Let’s start with an example. A developer wants to create an endpoint to register a...
Secrets of automation-kings in bug bounty
Jason Haddix shed some light on the way he finds exploits that can be automated and scanned across a lot of targets. If you think about using automation and creating your own templates but you don’t know how to find bugs to reproduce, this thread is for you....
SVG cheatsheet
Allan Wirth created a cheat sheet with possible things you can try when working with SVG files. Importantly, XSS isn’t the most you can do with it because sometimes, the server processes the file and then it may be susceptible to SSRFs, LFIs and even RCEs....
Finding bugs that others miss
I miss bugs. You miss bugs. Everyone misses bugs. Just most often, we don’t even know that. But why do we miss bugs? This is the question that James Kettle is trying to answer in his talk called Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss. Here are...
6 tricks that I used to solve all Web tasks from NahamCon CTF
Last week, I spoke at NahamCon about debugging. My talk is available here but only for subscribers of the NahamSec Twitch channel. It should be available on YouTube within a week or so, so I’ll make sure to share it in the next issue. I also played the CTF. Although I...
Inconsistencies in major URL standard specs
URLs that we use every day when browsing the web are usually quite simple. However, if you need to parse them, it turns out they are very complex. A lot of bugs I covered on my channel were possible due to URL validation bypasses. But even with that, you would think that...
The best place with open source exploits
When you are looking for a CVE exploit, you probably visit websites like NIST, CVE Details, exploit-db or some GitHub repos. You won’t always find the exploit there. Where can you search for it then? Let me show you on the...
Unicode Normalization Vulnerabilities
Unicode normalization. It sounds awesome, doesn't it? Imagine finding a high-risk Unicode normalization bug and sharing it with your fellow pentesters or with your Twitter followers. They probably won't even know what this is and your respect will go over the...
Exploiting differences in parsers
Last week, the article about securing XML implementations was the most popular one in other newsletters. Originally, I was going to use that one as well, but I decided to go for something unique instead while staying within the XML subject. Namely, I want to show you how...