Hidden OAuth attack vectors
2021-3-24 14:59:0 Author: artsploit.blogspot.com

  • In December 2015, I found a critical vulnerability in one of PayPal's business websites (manager.paypal.com). It allowed me to exe...

  • When I am trying to find vulnerabilities in web applications, I always perform fuzzing of all HTTP parameters, and sometimes it gives me som...

  • https://www.veracode.com/blog/secure-development/spring-view-manipulation-vulnerability I wrote this article while working at the Veracode ...

  • https://www.veracode.com/blog/research/exploiting-spring-boot-actuators I wrote this article while working at the Veracode Research team.

  • https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 I wrote this article while working at the PortSwigger Rese...

  • https://portswigger.net/research/hidden-oauth-attack-vectors I wrote this article while working at the PortSwigger Research team.

  • https://github.com/veracode-research/solr-injection A brand new vulnerability - Apache Solr Injection, as well as new ways to RCE in this ...

  • https://www.veracode.com/blog/research/exploiting-jndi-injections-java I wrote this article while working at the Veracode Research team.

  • https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/ In 2023 I spent some time researching x509 certificate au...


Source: https://artsploit.blogspot.com/2021/03/hidden-oauth-attack-vectors.html