https://bsky.app/profile/steven.srcincite.io/post/3ldw4dbjpf22o
Published: December 22, 2024 19:06
These are some really nice blog posts regarding algo confusion bugs in JWT by @pentesterlab.com https://pentesterlab.com/blog/jwt-algorithm-confusion-code-review-lessons & https://pentesterlab.com/blog/another-jwt-algorithm-confusion-cve-2024-54150 nice…
https://bsky.app/profile/steven.srcincite.io/post/3ldjonhtkyc24
Published: December 17, 2024 20:29
S2-067 is a fantastic bypass of the patch for S2-066. It uses OGNL to re-write the upload filename property in order to bypass the filename path traversal checks.
PoC: if the target bean is called "UploadFile" then your target parameter is…
https://bsky.app/profile/steven.srcincite.io/post/3ldhgwnw32c24
Published: December 16, 2024 23:05
…and what is your office? My office is that which is in the higher aspirant of the soul - Ma’at
https://bsky.app/profile/steven.srcincite.io/post/3lco5txux2s2d
Published: December 6, 2024 21:46
Here is a great follow up blog post to my blog Remote Code Execution with Spring properties written by Elliot Ward: https://snyk.io/articles/remote-code-execution-with-spring-boot-3-4-0-properties/
https://bsky.app/profile/steven.srcincite.io/post/3lcnzrsbtrk2d
Published: December 6, 2024 20:34
Here is a great follow up blog post to my blog Remote Code Execution with Spring properties written by Elliot Ward: https://snyk.io/articles/remote-code-execution-with-spring-boot-3-4-0-properties/
https://bsky.app/profile/steven.srcincite.io/post/3lcm5p67bl22d
Published: December 6, 2024 02:38
Shit posting on wastebook and having my family all triggered is the glory I get on a Friyay!