GraphQL is something that I’ve been willing to learn for a long time. Of course, I can understand the syntax or write a simple query, but I lack the understanding of how things work from the developer’s perspective. So I’m going to make a series where we create a...
Server-side hacking techniques
Confluence Blind OGNL Injection
CVE-2022-26134 is all over my Twitter feed. Here’s the best analysis that I’ve seen, by HTTPVoid: https://twitter.com/httpvoid0x2f/status/1532924231054499840
How to actually find a DNS rebinding SSRF?
DNS rebinding is an SSRF technique that I’ve known for a long time. My very first YouTube video covers it. It’s not that complicated… in theory. But a few weeks ago I was finally able to exploit SSRF via DNS rebinding on a private bug bounty program. There were some...
Java’s fantastic URL class
Do you think these URLs are equal to each other? I would also say they are not, but Java has a different opinion on it. Turns out that for Java’s URL class, two URLs are equal if they resolve to the same IP addresses. This just sounds so bad. As per replies under...
Trailing dot domain bypasses
Last week, I published a video on YouTube about my $1,500 bug in Stripe. It was a domain denylist bypass in a tool that is supposed to prevent SSRFs. https://youtu.be/Ga9o--v-grA The trick I used there was a trailing dot; I shared it in BBRE Premium before: 10...
Deserialisation explained
Deserialisation was one of the bug classes that I didn’t understand for a long time, yet I thought it was a very good, advanced technique. You know, it has a cool name and usually results in an RCE. One of you suggested this topic to me on our Discord, so here it is! Let’s...
DNS takeover vulnerability
Standard subdomain takeovers are done using dangling CNAME records. This type of vulnerability is so popular that it's highly automated by now. However, it's not the only type of subdomain takeover. There's also a subdomain takeover that relies on leftover...
How to Hack APIs in 2021?
APIs are becoming more and more popular these days. That's why we, as hackers, must also follow the trend and focus more on API-related vulnerabilities. hakluke and Farah Hawa assembled a really great article about hacking APIs in 2021. It's really extensive...
HTTP/2 request smuggling
If you told me you only wanted to watch one security talk per year, without a doubt I would tell you to watch James Kettle’s yearly research presented at DEFCON or Black Hat. This year, he came back with request smuggling, but using HTTP/2, which was meant...
SAML security
SAML stands for Security Assertion Markup Language. It's a way some applications implement SSO. It relies on signed data in XML. If you read the 9th issue of the newsletter, you know how to exploit differences in XML parsers😏. For SAML authentication there are even...