CVE trends is a fun project that ranks recent CVEs based on how many people talk about them on Twitter. Well, I know that the Twitter audience isn't the most important factor for any vulnerability, but it is an indication of how many people are affected by the bug...
#17
Dependency Confusion POC
Aditya Shende, Bugcrowd top 100, recently gave a talk about dependency confusion at DAMNCON. I don't see many practical articles about this vulnerability class, and many of you have been asking for one. On the slides, you can see exactly what steps he took to reproduce the...
WordPress Confusion
WordPress websites use many external plugins and themes. Importantly, they might be stored in the public WP plugins repository as well as in private ones. It reminds me a bit of the setup for a dependency confusion vulnerability. That's pretty much what...
Writing custom semgrep rules
Semgrep is a tool for static source code analysis. It does use regexes, but it also understands the code well enough to catch some cases where the same thing is written in two ways. There is a registry of public rules you can use (https://semgrep.dev/r), but it's not...
Abandon an idea as soon as you can
When you send a payload, you want it to work. It might seem like the most obvious sentence I have written since the beginning of the newsletter, but it's not. Actually, what I want to show you is thinking the other way around - what to do with the payload so it...
Bypassing SameSite cookies
Gafnit Amiga shared a very nice writeup about the AWS SageMaker Jupyter Notebook instance takeover. The writeup contains a few cool tricks like exploiting self-XSS, but what I'd like to focus on here is exploiting CSRF with modern browsers that default...
How to debug source code to find bugs?
Having the source code when analysing the app can be a massive help when looking for bugs. With the code, we can be sure how the functionality works and whether we are able to bypass it. However, only having the code is not much help if you can't use it...