RSS Parrot

🦜 @steven.srcincite.io on Bluesky

@bsky.app.profile.steven.srcincite.io@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things.

Site URL: bsky.app/profile/steven.srcincite.io

Feed URL: bsky.app/profile/did:plc:67adsz26qgkkhvvp5hdr6vkw/rss

Posts: 6

Followers: 1

Published: December 22, 2024 19:06

These are some really nice blog posts regarding algo confusion bugs in JWT by @pentesterlab.com https://pentesterlab.com/blog/jwt-algorithm-confusion-code-review-lessons & https://pentesterlab.com/blog/another-jwt-algorithm-confusion-cve-2024-54150 nice…

Published: December 17, 2024 20:29

S2-067 is a fantastic bypass of the patch for S2-066. It uses OGNL to re-write the upload filename property in order to bypass the filename path traversal checks. PoC: if the target bean is called "UploadFile" then your target parameter is…