Collaborate Disseminate
(or CORS Misconfiguration Misconceptions)
This is a greatly condensed version of my AppSec USA talk. If you have time (or struggle to understand anything) I highly recommend checking out the slides and watching the video.
Cross-Origin Resource Sharin… Continue reading Exploiting CORS Misconfigurations for Bitcoins and Bounties
(or CORS Misconfiguration Misconceptions)
This is a greatly condensed version of my AppSec USA talk. If you have time (or struggle to understand anything) I highly recommend checking out the slides and watching the video.
Cross-Origin Resource Sha… Continue reading Exploiting CORS Misconfigurations for Bitcoins and Bounties
Every experienced pentester knows there is a lot more to XSS than <script>alert(1)</script> – filtering, encoding, browser-quirks and WAFs all team up to keep things interesting. AngularJS Template Injection is no different. In this post, we will examine how we adapted template injection payloads to bypass filtering and encoding and exploit Piwik and Uber.
Lower case conversion
Piwik, an Continue reading Adapting AngularJS Payloads to Exploit Real World Applications
Every experienced pentester knows there is a lot more to XSS than alert(1) – filtering, encoding, browser-quirks and WAFs all team up to keep things interesting. AngularJS Template Injection is no different. In this post, we will examine how we adapted… Continue reading Adapting AngularJS Payloads to Exploit Real World Applications
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal test-bed of popular web applications to ensure it remains extremely effective against real-world websites. Most recently we have been testing Burp Suite on Magento, a… Continue reading Using Burp Suite to Audit and Exploit an eCommerce Application
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal test-bed of popular web applications to ensure it remains extremely effective against real-world websites. Most recently we have been testing Burp Suite on Magento, a… Continue reading Using Burp Suite to Audit and Exploit an eCommerce Application
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates enables Server-Side Template Injection, a frequently critical vulnerability that is extremely easy to mis… Continue reading Server-Side Template Injection
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates enables Server-Side Template Injection, a frequently critical vulnerability that is extremely easy to mis… Continue reading Server-Side Template Injection
Early last year Gareth Heyes unveiled a fascinating new technique for attacking web applications by exploiting path-relative stylesheet imports, and dubbed it ‘Relative Path Overwrite’. This attack tricks browsers into importing HTML pages as styl… Continue reading Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities