The final list looks like this: 1 - Dependency Confusion 2 - HTTP/2: The Sequel is Always Worse 3 - A New Attack Surface on MS Exchange 4 - Exploiting Client-Side Prototype Pollution in the wild 5 - Hidden OAuth attack vectors 6 - Cache Poisoning at Scale 7 - JSON...
#22
Step-by-step process of writing CodeQL queries
CodeQL is one of the things I will learn in 2022. I even started writing some queries on Elastic codebase for the bounty vlog #2 but so far only for educational purposes. If there’s something that worries me about CodeQL, it’s the fact that resulting queries are...
Comparing site maps in Burp
I don’t know since when Burp has had the feature of comparing site maps, but I only heard about it recently. You can compare the site maps between Burp projects. I think for this purpose, it would be good to save Burp’s project in a separate file once in a...
CSRF in GraphQL
GraphQL CSRF? There’s no CSRF with application/json content type, is there? It’s true but only partially - you won’t send this request from an HTML form: But, according to Tomasz Swiadek and Andrea Brancaleoni, middleware will commonly help us and the following...
Most interesting bugs from Rails’ 18 years of history
Ruby on Rails is a gift from developers to hackers. I don’t consider it to be true, but it’s what I sometimes think when I see how Ruby enables some attacks by processing things differently than other technologies. Examples include GETs with bodies or using ; as...
Cross-origin does not mean cross-site
For a long time, I was using the terms cross-origin and cross-site interchangeably, thinking they mean the same. But they don’t. It has important implications in the case of CSRFs and SameSite cookies (because they are not SameOrigin cookies). Origin Origin is simple. It...
Hacking GitHub actions
I don’t have a crystal ball but if I were to predict what we will be hacking in the future, I’d say we will be hacking more and more stuff around the web applications. That’s a trend that’s already present. Examples of such attacks are: cache poisoning or request...