While I try to keep the content of the newsletter relevant for bug bounty, long-time subscribers know that I won’t resist sharing a cool cybersecurity story once in a while. And here’s one about the FBI conducting a massive, worldwide phone surveillance operation....
DoubleClickjacking: A new era of UI redressing?
A few weeks ago, I discovered what a cross-window forgery is. If you're unfamiliar with it, it'll be covered in next week's podcast. It's one of the methods used to exploit one-click confirmation screens, such as OAuth consent screens. Yet today, I...
Server-Side Prototype Pollution gadget collection
In hacking, there are certain things that I enjoy doing and certain things that I don’t. Looking for SSPP gadgets certainly belongs to the latter category. Luckily for me, the Language-Based Security group at KTH Royal Institute of Technology started collecting them...
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal
Maxence Schmitt is back with another article about client-side path traversals. This time it's about constructing JSON payloads that the backend interprets as PDFs. The trick I liked the most is the one that bypasses the Unix file command. By default, it uses a...
Signature Verification Bypass in Nuclei
Due to a different definition of what a line ending is, it was possible to bypass signature verification in nuclei by using \r as a line separator within a comment. The injected content was processed as part of the YAML template but not used for the signature...
Top Ten (New) Web Hacking Techniques of 2024 voting open
There's an annual vote for Portswigger's top 10 research techniques. As always, I discover some blog posts that I've missed throughout the year, and it'll take me weeks to read through all of them. Make sure to cast your vote now!...
SQL Injection Isn’t Dead: Smuggling Queries at the Protocol Level
One of the fascinating techniques I overlooked this year but discovered on Portswigger’s TOP 10 nominations list was this talk about SQL injection at the protocol level. This research not only presents cool bugs but also techniques applicable to various attack...
OAuth #6 – OAuth server-side account takeovers
We're continuing the OAuth series with yet more potential attacks. I'll show you two server-side OAuth attacks that are a bit less known; yet, because they don’t need user interaction, they are usually rated as critical. I’ll also show you two other...
WorstFit: Unveiling Hidden Transformers in Windows ANSI!
The Devcore team published excellent research describing Windows’ best-fit algorithm for mapping characters that fall outside a specific charset. Among many other examples, this results in a Yen character being mapped to a backslash, which, as you can likely imagine, is...
Red, Blue, and Purple AI – Jason Haddix
I find myself using AI quite frequently while hacking, yet my usage is still mostly asking ChatGPT or Copilot to explain something or, at best, generate code. While I don't believe that hacking bots will entirely replace humans soon, I do think that individuals...