Using a SSRF to target Redis in a GitLab exploit, in order to achieve remote code execution.
This short php code contains a critical vulnerability. In this video I will explain in detail what I think while analysing it.
At first I was not able to solve the mindreader challenge, even though it was supposed to be easy. I have a critical look at my approach and figured out two major mistakes I made.
After finding and analysing the source code we found a GQL injection. Unfortunately there is a system in place that will ban you for too many requests. So we use a modified binary search algorithm to finish in time.
An actual XSS on google.com by Masato Kinugawa. It abuses a parser differential between a JavaScript enabled and disabled context.
There are a lot of charlatans out their overhyping by posting misleading content. It's infuriating because a lot of the actual research is less flashy and thus more hidden. Maybe I'm a bit too pessimistic in this video, but I think it's a concrete example we can use talk about it.
More Web Vulnerabilities
This category is about common web applocation vulnerability patterns like XSS, CSRF, SSRF and more.
Discover by Topics
