Articles by Issue

Hacking Google Drive integrations

Google Drive integrations are common among many apps that I use. It turns out that the integration is not so easy to get right, and it can lead to quite serious bugs, including this $17,576 SSRF in Dropbox. Here’s a writeup by @httpvoid0x2f...

Finding source code bugs with CodeQL the easy way

I talk about CodeQL a lot. Maybe even too much, considering I don’t even write queries (yet!). The reason is that writing them is hard and requires me to invest some time first. Time which I don’t want to invest right now. The good thing is that you don’t have to know...

&& instead of || leads to an RCE

The Assetnote blog is a gift that just keeps giving. This time, Shubs found a vulnerability that originated in a very simple mistake. In the if statement, the AND operator was used instead of the OR operator. This simple mistake led to the RCE in the Dynamicweb...

Solving a CTF task by ASCII-only JAR webshell

This writeup from Real World CTF 2022 from LiveOverflow’s team is absolutely mental. He shows the whole process of what solving a properly hard CTF task looks like, including problems and unsuccessful ideas. The exploit ends in creating an ASCII-only .jar file...

OAuth + ../ + postMessage bug = account takeover

OAuth account takeovers via open redirects have become less common these days - most implementations force developers into specifying strict lists of allowed domains, hence it’s not possible to fiddle with them. However, sometimes you can chain it with another...

Web3 learning corner #2

First, I decided to rename the Blockchain learning corner to Web3 learning corner - the name seems more appropriate as I was not learning Blockchain itself but Blockchain-related technologies and Web3 is a widely-accepted way to describe it. With that sorted out,...

Nuclei Burp Plugin

I know a lot of hackers use nuclei. If you are using it, too, definitely check out the Nuclei Burp plugin that allows generating nuclei templates straight from Burp Suite. It’s not on the BApp store so you have to install it manually from a .jar file....