Log injections are a class of bug that is often overlooked, both because it is difficult to spot during a black box engagement, and because the impact is difficult to determine. In this case, though, the impact was easier to spot because the program processing the output logs was part of the same application...
A request that isn't vulnerable until you make it twice. Definitely an interesting edge case that a lot of testing might overlook...
Code-generator gone bad! And another look at why it's important to consider the context of what you're escaping data for. In this case synthetics recorder could be used to generate Playwright scripts (I think?) to replay a captured interaction...
A few vulnerabilities in Azure Web Services via the Kudu Git repo manager used for git deployments. Kudu exports a source control management (SCM) portal that can be accessed if you're authenticated into the instance through Azure Active Directory (AAD), which allows you to manage your web app...
DOM-based XSS in Facebook via Instant Games (a newer feature being gradually rolled out). The vulnerability here is in the `goURIOnWindow` function which is used for supplying the window location and verifying it...
Simple token leakage bug in Oculus endpoints due to migration from using Facebook accounts to Meta accounts. Where the first party access token was previously difficult to leak due to redirects being made through JavaScript, with the new Meta authentication flow, redirection was done directly via URL with the token...
A rather simple bug in validating the origin of a Cross-window message due to inappropriately handling null values.
A cool bug that can inject a new user with a controlled SSH key into a compute instance, and the request doing this can be reached via a GET request with no anti-CSRF token.
An IDOR-style issue allowing access to the data plane of an Azure Cognitive Search instance even if that instance was isolated from the internet.
A neat vuln with an interesting impact in Mario Kart 8 Deluxe on the Switch. The game has a feature where players can create tournaments with their own ruleset, accessibility, dates it will run, etc...