
CrewCTF is an annual cybersecurity Capture The Flag competition hosted by TheHackersCrew. The first edition, CrewCTF 2022, will start at 17:00 GMT on April 15th and run for 48 hours, ending at 17:00 GMT on April 17th.

With beginner to expert level challenges, our contest will be a great opportunity for students (and professionals) of any skill level to pick up, practice, and master skills in cybersecurity. Challenge containerization provides safe, hands-on environments for contestants to practice developing exploits and hacking. Our CTFs are free and open to anyone with an internet connection. No team size limit.

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from 18 to 25 of September.

Redefining Impossible: XSS without arbitrary JavaScript
This is a guest article by Luan Herrera who solved one of PortSwigger’s impossible XSS labs. He used several techniques including an obscure method to prevent a page from loading and a side-channel attack. A pretty advanced and informative XSS attack!

Universal XSS in Android WebView (CVE-2020-6506) (Google, Microsoft, Twitter…, $15,560+)
Chains on Chains: Chaining multiple low-level vulns into a Critical
I couldn’t choose only one writeup this week, as these are all excellent and focus on different topics. The universal XSS is a great read if you want to learn about XSS in Android. The second writeup is a beautiful chain of low/medium impact bugs that ended up becoming a “critical”. It involves blind XSS, CSP bypass, an exposed JWT generation page, lack of rate-limiting and sensitive information disclosure. The Tiny Tiny RSS writeup is also a mix of vulnerabilities (XSS, SSRF & LFI) that led to RCE. It is really well written with everything explained, from source code review to mass exploitation.
