mert tasci

7 Followers


Mar 11

limited freemarker ssti to arbitrary liql query and manage lithium cms

We faced (with @celalerdik) an interesting SSTI vulnerability in a Bugcrowd program. We could show the traditional 49 number when trying the `${7*7}` command, and we could also execute the `assign` directive reference as below.

<#assign attribute1="ssti"> <#assign attribute2="test"> ${attribute1}${attribute2} //prints sstitest

It clearly looked like the Freemarker template engine. But we…

2 min read



Mar 11

xss attack vector at “style” context for less.js

Less & Sass suddenly came to my mind when researching CSS injection attacks. You know, both are CSS pre-processors, so I thought they don't support any client-based operation. That was a mistake… I saw less.js when visiting the http://lesscss.org/ page. less.js supports interpreting JavaScript code with the backtick char…

1 min read



Mar 11

a little open redirect bypass story

In one private program at Bugcrowd, I came across three different open redirect bug methods. First, this is an effortless open redirect vulnerability as follows, and I reported it to the company:

> https://companyx.com/redirect?url=http://mert.ninja

Then they marked the bug as “triaged” and “unresolved”. After a while, they marked it as…

2 min read



Mar 11

parameter pollution bug at twitter

Twitter sends you an e-mail when someone follows you, when someone favorites your tweets, etc. You can unsubscribe from the Twitter notifications by clicking the “unsubscribe” button in the footer of the mail. Then it will redirect you to the following link: https://twitter.com/i/u?t=1&cn=bWVzc2FnZQ%3D%3D&sig=647192e86e28fb6691db2502c5ef6cf3xxx&iid=f6529edf-322d-xxx-b99a-067876dfe799&uid=1134885524&nid=22+26

1 min read
