Vulnerabilities tagged "web"

The Autofill Assistant has a chain of issues that could be abused for universal XSS in the context of an arbitrary website.

Cool research post introducing a few ModSecurity rule bypasses abusing different parser errors in the ModSecurity Code Rule Set.While those specific to ModSecurity are probably patched by now...

Three vulns that were discovered in Netlify's Next.js lib, which is heavily used across many cryptocurrency sites due to it's web3 support. With that context in mind, CIA (confidentiality, integrity, availability) is interesting with web3, as integrity is critical; the data coming from a trusted site needs to be trustworthy, as most users won't go digging through the blockchain to verify a particular address or transaction matches.

The vulnerability as reported was closed as not a vulnerability, but it did uncover a bug in the Sanitizer API.

Two argument injections that were found in Bitbucket server, though only one of them was exploitable.The first was in the `/rest/api/latest/projects/~USER/repos/repo1/browse` endpoint, where an `at` parameter could be provided...

Just what can be accomplished when webhooks are allowed to access internal services, Cider Security takes a look specifically at abusing GitHub and GitLab webhooks to access internally hosted Jenkin instances.

Honestly, this is a bit of a crazy issue to see, during Login, if the `LocalPasswordAuthAdapter` gets used, it will attempt to validate the login credentials with whatever host is in the `Host` header, an attacker can often control this header completely. And so by pointing the header to a domain the attacker controls they can setup a server that will respond with an `HTTP 200` to the authentication request allowing the attacker to login.

It seems that the syntax highlighting filter will read the `data-sourcepos` attribute rather permissively including newlines and angle brackets. This value gets reflected back out into the page where the browser will end up interpreting as HTML some of the text the backend throught was in the attribute.

Inspired by HTTPVoid's February write-up about [Hacking Google Drive Integrations](https://github.com/httpvoid/writeups/blob/main/Hacking-Google-Drive-Integrations.md). They took a bit deeper look at how HelloSign patched the SSRF documented.

Funny bug in Glovo, which is a delivery platform for taking orders and dispatching deliveries.The bug is an integer overflow in the quantity parameter of the POST request for the order, which can affect the total price of the order...