#76

GitHub Actions Cache Poisoning

In this really extensive blogpost, adnanthekhan describes how he found multiple instances of cache poisoning in GitHub Actions. The takeaway is that if any workflow uses GitHub Actions caching and we can run untrusted code in the context of the main branch, we likely...

Digging for SSRF in NextJS apps

To be honest, I've run out of things to write about Assetnote blogposts. They are always quality, always clear, and always useful, so you should read them no matter what I say. The recent one is interesting in that not only does it describe a zero day in NextJS but also...

Looking back at the past 4 months

Eldar describes his experiences with different bug bounty platforms and specifically their triage process. He definitely makes me want to spend some time on YesWeHack and Intigriti because he wrote that the triage process is smoother than on HackerOne or Bugcrowd....

Beating HTML Sanitisers

HTML is incredibly complex. With all the namespaces, foreign objects and integration points, it’s incredibly difficult to sanitise well. Not to even mention doing some custom transformations on the sanitised HTML which, (un)fortunately, some companies try to apply. If...