Great documentation of the process of finding a WAF bypass, building up the final payload bit by bit.
The title is all you really need on this one: the OTP was reflected in the cookies, so there was no need to actually receive it.
Two parts to the post. The vulnerability is a simple SQL injection: URL data winds up in the query. Nothing too special there...
A long chain of issues that leads to XSS in the League of Legends (LoL) account subdomain via easyXDM, a developer-focused JS library that provides an interface for doing cross-origin communication using various protocols. easyXDM consists of a producer-consumer setup, where a producer page exports functions for the consumer page to invoke...
An email normalization issue allowing for remote control of a vehicle.
The `username`, `from_name` and `password` fields of the SMTP server configuration accept new-line characters that are printed directly into the resulting configuration file. Using this it is possible to include configuration parameters that are not normally exposed...
This blog post essentially reuses a previous sandbox escape they discovered against Backstage, which is Spotify's incubated solution for managing infrastructure and microservices and such. Backstage includes software templates, which can contain a `message` parameter that gets rendered in Nunjucks (a JS templating engine)...
An SQLi in Password Manager Pro, which is bundled with ManageEngine's Privileged Access Management 360 (PAM360) and Access Manager Plus. In the password manager, there's a concept of "resources" which can be added or edited, which internally submits a multipart form request to the `AddResourceType.ve` endpoint...
A number of bugs in Tailscale leading to an RCE chain.
Starts off with a somewhat classic parser attack, placing a parsable object inside of another context in the hope of tripping up the system. In this case Gareth Heyes was able to inject `:verified:` within a supported HTML attribute, and have it be replaced with the emoji as an HTML tag...