URLs that we use every day when browsing the web are usually quite simple. However, if you need to parse them, it turns out they are very complex. A lot of bugs I covered on my channel were possible due to URL validation bypasses. But even with that, you would think that...
Using a headless browser with Python
In the previous two issues, you learnt how to make HTTP requests with Python and how to parse HTML responses. It's often enough, but sometimes you need the JS on the website to execute. For example, when looking for XSS vulnerabilities - no alert will pop in a dry...
Something to relax – LEGO
To work efficiently you must be well-rested. Last week I got LEGO from a friend and it was my first time building LEGO since childhood. I loved it and it gave me much needed energy for the rest of the day! Among other things, I used this energy to write this email....
Productivity tip – energy waves
Did it ever happen to you that you had a lot of energy in the morning but didn't have the will to start the intense hacking? You thought that you would have the same energy level for the whole day so you postponed doing the hard work. And then, all of a sudden,...
GravCMS Arbitrary YAML Write leads to Code Execution (CVE-2021-21425)
This amazing write-up shows you how to properly use code reading to your advantage. You can learn exactly what was wrong with the PHP code that allowed Mehmet Ince to bypass authentication and authorization and then achieve RCE via a malicious YAML file....
Live Recon with TomNomNom
It doesn't matter if you do recon or not, TomNomNom's content is a must-watch, because he shares so many bash tricks and useful tools that can speed up many of your current bash habits. For example, how many times did you do something like: It will append...
$635,387.47 made in 1590 days from 336 bugs
After seeing all those shiny 5-digit payouts it might seem that every professional bug hunter finds weekly RCE and is a millionaire. But it's like with Instagram - there we only see the best bits of someone's life, while here we only see someone's best...
The best place with open source exploits
When you are looking for a CVE exploit, you probably visit websites like NIST, CVE Details, exploit-db or some GitHub repos. You will not always find the exploit there. Where can you search for it then? Let me show you on the...
OAuth security guide
OAuth is very common these days. There are a few nice bugs that can be introduced in that mechanism. That's why you should understand it and know the common vulnerabilities. There's an excellent paper by Haboob that shows OAuth from the...
Gitlab RCE via metadata
Seeing many RCE payloads in image metadata, I wondered what is required for those payloads to be triggered. Now I know - there's an awesome report on HackerOne from GitLab, where it was possible to execute arbitrary commands via metadata in the image....