Bo0oM (@i_bo0om)'s Twitter Profile
Bo0oM

@i_bo0om

Web application security researcher

@sploitus_com

ID: 343490952

https://t.me/webpwn
27-07-2011 17:13:02

6,6K Tweet

4,4K Followers

784 Following

Aleksei Tiurin (@antyurin)

My small research about attacks on remote debuggers of various languages acunetix.com/blog/web-secur… #bugbountytips #Pentesting

PT SWARM (@ptswarm)

🐞PoC for a boolean-based #SQLi in Rapid7 Nexpose <= 6.6.48 (CVE-2020-7383) https://nexpose.local:3780/data/discoveryAsset/config/folderPath?path=[sqli]

Emil Lerner (@emil_lerner)

Here're slides from my talk at ZeroNights X! A 0-day for GhostScript 9.50, RCE exploit chain for ImageMagick with the default settings from Ubuntu repos and several bug bounty stories inside slideshare.net/neexemil/hotpi…

Steph (@w34kp455)

Weakpass 3 is out - better rates, more wordlists, more functionality, and an All-in-One wordlist! Little presentation about what has changed youtu.be/tuiXmSehAFM #passwords

PT SWARM (@ptswarm)

💥 New article "Fuzzing for XSS via nested parsers condition" by our researcher Psych0tr1a. This technique allowed us to find a bunch of vulnerabilities in popular web products that no one had noticed before! swarm.ptsecurity.com/fuzzing-for-xs…

Emil Lerner (@emil_lerner)

I just posted a write-up on how I leaked uninitialized memory (e.g., other users' HTTP requests/responses) from Fastly using a bug in the H2O webserver. Also, there you can learn a fraction of how HTTP/3 + QUIC works) medium.com/@emil.lerner/l…

Cure53 (@cure53berlin)

Bye bye, XSS, your time has finally come.

// this is safe by default
document.body.setHTML('unsafe HTML here')

Firefox: about:config#dom.security.sanitizer.enabled
Chrome: chrome://flags#enable-experimental-web-platform-features

More info here: wicg.github.io/sanitizer-api/…

Kaimi & d_x (@kaimi_io)

Article from the previous post translated into English. 20 years of #payment processing problems kaimi.io/en/2022/07/20-… #security #pentest #paypal #steam #yoomoney #webmoney #racecondition #vulnerabilities