Whenever I needed to proxy my Burp traffic through another IP address, I would just create an SSH tunnel to a VPS. Of course, the VPS would run all the time because I’m too lazy and it’s too cheap to turn it off and on every day. But Honoki created a Burp plugin that...
#50
Booking.com OAuth account takeover writeup
Last year, my favorite vulnerability vectors were the new OAuth ones. I was quite surprised that we haven't seen more similar attacks. Recently, Aviad Carmel from Salt Security published a write-up of the OAuth account takeover in Booking which works similarly....
Two sides of cautiousness when looking for cache poisoning
This writeup I like and dislike at the same time. On a positive note, I’d like to highlight how AnkitCuriosity was cautious about not actually poisoning real users and invested several hours just to create a reliable cachebuster with which he could prove the bug...
GitHub Security Lab’s 10 bugs in DataHub with vulnerable code snippets
GitHub Security Lab has discovered multiple bugs in the DataHub application. The cool thing is that it's open-source, so the blog post includes the vulnerable code. You often ask me about ways to practice code review, and looking at vulnerable snippets is...
Nuclei Foundation series
The ProjectDiscovery channel now features a series of videos explaining how to use Nuclei, a tool that needs no introduction. The videos are created by PwnFunction so the quality is absolutely top-notch!...
Turning arbitrary file write into an RCE
Arbitrary file write is a very dangerous vulnerability, but its impact is more difficult to demonstrate than that of a file read bug. In a recent blog post, Maxence Schmitt and Lorenzo Stella from Doyensec describe a technique they used to turn arbitrary file write...
The Ultimate CVSS Guide for bug bounty
CVSS is a uniform way to describe the severity of a bug. It has received a lot of criticism for its flaws over the years. However, we still use it and we'll keep using it for now. Not because it's perfect but because we don’t have anything better. Incorrectly...