Collaborate Disseminate
A year-old vulnerability in ChatGPT is being exploited against financial entities and US government organizations.
The post ChatGPT Vulnerability Exploited Against US Government Organizations appeared first on SecurityWeek.
Continue reading ChatGPT Vulnerability Exploited Against US Government Organizations
I have a customer service chat that, after ending, can be emailed as a transcript.
Any HTML tags I inject in the chat reflect normally in the pdf, but when I try to inject any iframe, embed or object tags, or script tag, to get AWS metadat… Continue reading SSRF in PDF scenario [closed]
I am cross-posting here on Information Security as well to request input on the security of the Python code I’ve written and whether it can be considered a false positive.
I’m writing a function to return a file from an msys2 package repo,… Continue reading CodeQL: How to resolve partial Server-Side Request Forgery warning when taking user-based input as a FastAPI endpoint?
I`m trying to perform a SSRF attack on a Hack The Box machine (editorial.htb). I’m trying to send a POST request using curl with the command
curl –data "hckyou.txt" -X POST http://editorial.htb/upload
The POST request in "… Continue reading Trying to send a POST request using curl to a HTB machine
I’m working on a function that returns a HTTP response from https://pypi.org/simple/ when Python’s pip installer requests it for a package. When pushing my code onto GitHub, the CodeQL checks warn of the risk of server side request forgery… Continue reading How to resolve server-side request forgery (SSRF) warning for a HTTP request that takes Python package names as input?
I am working on some portswigger labs to get good at web security.
I was doing this lab at the following link: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost
Spoiler, you press the "check stock" button… Continue reading Portswigger SSRF basic lab question
Gopher protocol is used a lot when exploiting SSRF, but how?
a Gopher URL takes the form:
gopher://<host>:<port>/<gopher-path>
but let’s take this example:
gopher://10.10.10.3:80/_POST%20/login%20HTTP/1.1%0aContent-Ty… Continue reading SSRF trough Gopher
I am working on a CTF called Internal. I know there are walkthroughs available but I am trying not to look at them for the time being and try and work through things myself. The admin page that is the apparent target is http://10.10.240.10… Continue reading Server Side Request Forgery Vulnerability Question
If I put the browser with burp suite and send it to the repeater and there if I change the referral url to any random url is it a vulnerability?
If it is vulnerable, what is the name of the vulnerability?
If it is not vulnerable please jus… Continue reading We intercept browser in burp and change the referral URL, is it a vulnerability? [closed]
I’m currently doing a pentest and noticed an endpoint where SSRF is possible. The internal request that is sent is a POST request. I would like to find a way to change it to a GET request. I spun up my own server and created a page that pe… Continue reading SSRF change method from POST to GET