There’s a new article on Sonar Blog about exploiting a command injection in VS Code. While it’s fairly straightforward, I’d like to point your attention to these kinds of bugs - bugs in desktop applications that communicate locally with other tools, including the...
Live hacking events – what do top hunters focus on?
rez0 tweeted about lessons learned on the last H1-702 live hacking event. Among others, he shared what he thinks top hackers focus on during these events: client-side JavaScript review (looking for chains, XSS, auth bypass, etc.), auth bugs (looking for OAuth issues,...
Learning GraphQL #4 – REST API as a data source and path traversals in docs
This episode of the learning GraphQL series is getting spicy! It’s because I’m implementing the REST API as a data source, and it turned out that by following the official documentation, I introduced a path traversal to my application! In case you are new, this is a...
Hacking APIs
Corey Ball shared some slides from his workshop about hacking APIs. It can help you organise your knowledge about APIs. He also shows some neat tricks like transforming mitmproxy requests into the Swagger specifications format to feed them to Postman. If that’s your...
$10,000 Reddit OAuth account takeover explained
Some time ago, I wrote on Twitter that I am not going to make a video about the recent OAuth account takeover on Reddit, for which Frans Rosén got $10,000, their maximum payout. The reason was that the idea behind the attack is very similar to the ATO on Facebook I...
Twitch Internal Security Tools
As you may have heard, some time ago Twitch had a massive leak of its source code. It included a lot of their internal tools. Mazin Ahmed took on the challenge to analyse all the 129 security tools that are present in the leak....
Real-world cache poisoning examples
I must admit that I don’t test or think about cache poisoning bugs. And I probably should. If you are like me, then join me in reading this article about some real-world cases of cache poisoning bugs....
Scraping the bottom of the CORS barrel (part 1)
jub0bs started a series of blogposts about CORS-related issues. I really like his work and I learn a lot about client-side issues from him. I’m going to closely follow the series to learn a lot of nuances about browsers’ and servers’ exploitable behaviours. Here’s the...
An undervalued Burp extension with enormous possibilities
Probably not many of you know about Burp’s extension called Piper. It’s a tool that allows you to pipe requests and responses in Burp into any terminal tool and show the output inside Burp. For example, you can make it automatically pipe any JSON request/response into...
Why are there so many HTTP request smuggling false-positives?
I get a lot of questions about request smuggling false-positives. So I’m that much happier to see that PinkDraconian made a video specifically about this problem so I can redirect people there. So, if you’ve ever had this false-positive or you are curious what is the...