Rails 6 leaked secret token
If an attacker can obtain the value of secret_key_base in Rails 6, can he achieve RCE through that, similar to https://www.exploit-db.com/exploits/27527 (applicable to Rails 2-4)?
Privilege escalation through arbitrary file delete
Assuming that I can delete arbitrary files on a Linux system as a non-privileged user, what methods exist to escalate my privileges this way?
Lesser known security pitfalls in Python
I recently came across this article: https://blog.sonarsource.com/10-unknown-security-pitfalls-for-python, which describes security pitfalls in the Python programming language that are less well known to developers.
Do you have examples of…
How to prevent XS-Leaks while maintaining usability?
The methods presented in https://xsleaks.dev/ are based on the fact that malicious JavaScript can use cross-origin requests to infer data by means of faulty status codes, time required, MIME type etc. If the server were to check beforehand…