Limited FreeMarker SSTI to arbitrary LiQL query and manage Lithium CMS
We faced (w/ @celalerdik) an interesting SSTI vulnerability on a Bugcrowd program. We could show the traditional 49’ number when trying…
Mar 11, 2023

XSS attack vector at “style” context for less.js
Detail
Less & Sass suddenly came to my mind when researching CSS injection attacks. You know, both are CSS pre-processors so I…
Mar 11, 2023

A little open redirect bypass story
In one private program at Bugcrowd, I came across three different open redirect bug methods.
Mar 11, 2023

Parameter pollution bug at Twitter
Twitter sent an e-mail to you when someone followed you, when someone favorited your tweets, etc. You can unsubscribe the Twitter…
Mar 11, 2023