#22

Top 10 web hacking techniques of 2021

The final list looks like this: 1 - Dependency Confusion 2 - HTTP/2: The Sequel is Always Worse 3 - A New Attack Surface on MS Exchange 4 - Exploiting Client-Side Prototype Pollution in the wild 5 - Hidden OAuth attack vectors 6 - Cache Poisoning at Scale 7 - JSON...

Step-by-step process of writing CodeQL queries

CodeQL is one of the things I will learn in 2022. I even started writing some queries on the Elastic codebase for bounty vlog #2, but so far only for educational purposes. If there’s something that worries me about CodeQL, it’s the fact that the resulting queries are...

Comparing site maps in Burp

I don’t know since when Burp has had the feature of comparing site maps, but I only heard about it recently. You can compare the site maps between Burp projects. I think for this purpose it would be good to save the Burp project in a separate file once in a...

CSRF in GraphQL

GraphQL CSRF? There’s no CSRF with the application/json content type, is there? That’s true, but only partially: you won’t send this request from an HTML form. But, according to Tomasz Swiadek and Andrea Brancaleoni, middleware will commonly help us, and the following...

Most interesting bugs from Rails’ 18 years of history

Ruby on Rails is a gift from developers to hackers. I don’t consider it to be true, but it’s what I sometimes think when I see how Ruby enables some attacks by processing things differently than other technologies. Examples include GETs with bodies or using ; as...

Hacking GitHub actions

I don’t have a crystal ball, but if I were to predict what we will be hacking in the future, I’d say we will be hacking more and more stuff around web applications. That’s a trend that’s already present. Examples of such attacks are cache poisoning or request...