A few weeks ago, I had to dive a bit deeper into the OAuth protocol and into how different providers actually validate the redirect_uri. I even thought that if I did it on a bigger scale, it could become a bigger research project and a good talk. But I see that this paper did a...
You can not simply publicly access private secure links, can you?
Whenever I’m sharing something via a URL, I wonder whether it will get indexed by URL analysis tools and thus become public to anyone. Unfortunately, from this blog post, we can learn that there’s a great chance it will. It’s quite hard to say which tool...
They Hacked Google A.I. for $50,000
Joseph "rez0" Thacker, Justin "Rhynorater" Gardner and I, Roni "Lupin" Carta, collaborated on hacking Google Bard, which resulted in $50,000 of bounties. They have other interesting bugs as well, like an IDOR that allowed you to describe someone’s...
Using form hijacking to bypass CSP
Password managers are great. It’s the first thing I recommend to my non-tech friends. Apart from being more secure than reusing passwords, it’s also very convenient to have your password filled in by the browser extension. However, the auto-fill mechanism also comes...
How NOT to Train Your Hack Bot: Dos and Don’ts of Building Offensive GPTs
Will AI hacking agents replace us hackers? This is a question I’ve been asked a few times already. It’s hard not to think about it. Certainly, I did. So this week, I watched a Black Hat talk about Offensive GPTs to see what was presented at Black Hat about the...
ALB auth bypass by using untrusted JWT token
Usually, JWT tokens do not contain information about the signing secret used. In most cases, a web application uses a single signing secret that is not referenced in the JWT header. However, as per the specification, JWT tokens are much more complex. Even though developers...
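The header fields mentioned above are exactly where a verifier can go wrong: RFC 7515 lets a JWS header carry key hints such as `kid`, `jku`, `jwk` and `x5u`, and a verifier that resolves its signing key from those hints lets the token pick its own key. The following is an added example, not code from the linked article and not a description of the ALB bug itself: a naive verifier that honours the token's `jku`/`kid` next to a hardened one that ignores them. The issuer, key URLs and secrets are constructed; the "fetch" of a key set is simulated with a dictionary, and HS256 is used so it runs on the standard library alone (the selection logic is the same for the RSA/EC keys a real IdP publishes).

```python
import base64
import hashlib
import hmac
import json

# Constructed for the demo: a trusted issuer, two "JWKS endpoints" (simulated,
# no network) and the key set the verifier should be pinned to.
TRUSTED_ISSUER = "https://idp.example"
KEY_SERVERS = {
    "https://idp.example/keys": {"idp-key-1": b"idp-secret-key-1"},
    "https://attacker.example/keys": {"evil-key-1": b"attacker-secret-key-1"},
}
PINNED_KEYS = KEY_SERVERS["https://idp.example/keys"]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Produce a compact JWS (header.payload.signature) signed with HS256."""
    signing_input = f"{_encode(header)}.{_encode(payload)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _sig_ok(signing_input: str, sig_b64: str, key: bytes) -> bool:
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig_b64))


def naive_verify(token: str):
    """Vulnerable: loads the key set from whatever `jku` the token names.

    KEY_SERVERS stands in for an HTTP fetch of the JWKS URL. Because the
    attacker controls both the URL and the key behind it, the signature
    check passes for a token they minted themselves.
    """
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        return None
    keys = KEY_SERVERS.get(header.get("jku"), {})
    key = keys.get(header.get("kid"))
    if key is None or not _sig_ok(f"{h}.{p}", s, key):
        return None
    return json.loads(_b64url_decode(p))


def strict_verify(token: str):
    """Hardened: alg pinned, `kid` only selects among PINNED_KEYS, `iss` checked.

    Header parameters that point at external key material (jku, jwk, x5u)
    are deliberately ignored; the verifier decides where keys come from.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        return None
    key = PINNED_KEYS.get(header.get("kid"))
    if key is None or not _sig_ok(f"{h}.{p}", s, key):
        return None
    payload = json.loads(_b64url_decode(p))
    if payload.get("iss") != TRUSTED_ISSUER:
        return None
    return payload


def legit_token() -> str:
    header = {"alg": "HS256", "typ": "JWT", "kid": "idp-key-1",
              "jku": "https://idp.example/keys"}
    return sign_hs256(header, {"iss": TRUSTED_ISSUER, "sub": "alice"},
                      PINNED_KEYS["idp-key-1"])


def forged_token() -> str:
    # Attacker signs with their own key and points `jku` at their own server;
    # the `iss` claim is copied from the real issuer to defeat an iss-only check.
    header = {"alg": "HS256", "typ": "JWT", "kid": "evil-key-1",
              "jku": "https://attacker.example/keys"}
    return sign_hs256(header, {"iss": TRUSTED_ISSUER, "sub": "admin"},
                      KEY_SERVERS["https://attacker.example/keys"]["evil-key-1"])


if __name__ == "__main__":
    print("naive accepts forged token:", naive_verify(forged_token()))
    print("strict accepts forged token:", strict_verify(forged_token()))
```

Running the block shows the naive verifier returning the forged `admin` payload while the strict one returns `None`; the legitimate token passes both. The `iss` check on its own would not have helped, since the attacker simply copies the claim, which is why key selection must be pinned on the verifier's side.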
Request smuggling case study – what more to do other than running existing tools?
HTTP request smuggling is a great vulnerability class. Over the years, we’ve seen many articles with great research and findings. But personally, I’ve never done more discovery than running HTTP Request Smuggler. I wanted to know how I can profit from that and what...
Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)
As this blog post shows, the Clipboard API is quite complex, especially in applications that implement their own formats, which often include URLs or iframes. Do not overlook this source of data! https://spaceraccoon.dev/clipboard-microsoft-whiteboard-excalidraw-meta/
JSON crack – visual JSON editor
JSON Crack is a great tool for visualising JSON documents. You can visually browse the contents and collapse or expand certain parts to make the JSON easily browsable. https://jsoncrack.com/editor