scryh (@scryh_)'s Twitter Profile
scryh

@scryh_

Cloud Vulnerability Research at Google. Opinions are my own.

ID: 999583654098685952

http://www.devel0pment.de

24-05-2018 09:31:29

124 Tweet

1,1K Followers

244 Following

pspaul (@pspaul95)

If you're at DEF CON and want to learn how request smuggling can be used on databases, come by track 1 at 2 pm today! If you're not in Vegas, you can watch the live stream at dctv.defcon.org (23:00 CEST)

arxenix (@ankursundara)

Here's my author writeup for htmlsandbox from SekaiCTF blog.ankursundara.com/htmlsandbox-wr… - a parsing differential in streamed vs non-streamed HTML

Sonar Research (@sonar_research)

Critical Roundcube XSS technical details: Desanitization, unsafe Content-Types, CSS exfiltration, and a Service Worker come together to persistently leak emails from a victim's browser. Read about it here: sonarsource.com/blog/governmen… (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)

Sonar Research (@sonar_research)

A recording of our TROOPERS Conference talk "From ASCII to UTF-16: Leveraging Encodings to Break Software" is now available! The talk covers basic knowledge of character encodings and explains various vulnerability types and exploitation techniques: youtube.com/watch?v=z-ug2d…

Piotr Bazydło (@chudypb)

As promised, Exchange PowerShell research is getting published in the form of blog posts. Part 1/4 describes two RCEs: MultiValuedProperty internal deserialization + a chain with Command gadget.

Hexacon (@hexacon_fr)

You can find all the talks announced on the agenda: hexacon.fr/conference/age… Again, a big thanks to the review committee for their contribution as well as everyone who took the time to submit a talk. 🙏

Sonar Research (@sonar_research)

Join us at OWASP SF for our talk, "Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail" to discover why client-side sanitization is crucial for a secure web. Can't make it? Stay tuned for our upcoming blog post. #OWASP #GlobalAppSecSanFran

Sonar Research (@sonar_research)

Having trouble exploiting a file write vulnerability? Don't miss our Hexacon talk to learn more about unconventional attack surfaces that can turn a file write into code execution – even in hardened environments! We'll follow up with a related blog post later. #HEXACON2024

pspaul (@pspaul95)

JS engine pwning, the old-school way! For this year's Hacklu CTF, I wrote a challenge about exploiting a SpiderMonkey version from 2007. I'm usually not a pwner, but it was very fun to learn about all this stuff. Read the write-up here: blog.pspaul.de/posts/ancient-…

Hexacon (@hexacon_fr)

Recordings of the #HEXACON2024 talks have been uploaded to our YouTube channel 🎬 youtube.com/playlist?list=… See you next year!

James Kettle (@albinowax)

We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: youtube.com/watch?v=zOPjz-…

Sonar Research (@sonar_research)

CORS misconfigurations are definitely not good, but how bad can they get? 🧐 Our latest blog post discusses how an origin reflection issue detected by SonarQube leads to code execution in a real-world application: sonarsource.com/blog/never-und… #appsec #security #vulnerability

Google VRP (Google Bug Hunters) (@googlevrp)

Introducing InternetCTF! 🤯 Earn up to $10,000 for finding RCE vulnerabilities in open-source software AND creating Tsunami plugin patches. Make the internet safer and get rewarded! 🤑 For details on the program, see our latest blog post: bughunters.google.com/blog/675213644…

Sonar Research (@sonar_research)

What a year! We look back and summarize our security research highlights of 2024: 🪲 Vulnerabilities in Jenkins, SourceForge, Joomla, and much more 🎙️ 7 talks, including DEF CON and Hexacon 🏆 5 nominations and 1 award sonarsource.com/blog/vulnerabi… #research #vulnerability #appsec

pspaul (@pspaul95)

This was a fun one to discover! SQL syntax can be ambiguous, and MySQL anticipated this a long time ago. Other SQL dialects stuck to the spec, leading to SQL injection when the right stars align: