Posts

  • XSS Hunting

    This post documents one of my findings from a bug bounty program. The program had around 20 web applications in scope. Luckily the first application I chose was a treasure trove of bugs, so that kept me busy for a while. When I decided to move on, I picked another one at random, which was the organisation’s recruitment application.

  • Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls

    This post details how to bypass firewalls to gain access to the Cardholder Data Environment (or CDE, to use the parlance of our times). End goal: to extract credit card data.

  • Password Autocomplete and Modern Browsers

    On many penetration test reports (including mine), the following is reported:

  • Defeating Content-Disposition

    The Content-Disposition response header tells the browser to download a file rather than displaying it in the browser window.

  • Gaining Domain Admin from Outside Active Directory

    …or why you should ensure all Windows machines are domain joined.

  • How to Use X-XSS-Protection for Evil

    Two important headers that can mitigate XSS are:

  • Hidden XSS

    On a web test once I was having trouble finding any instances of cross-site scripting, which is very unusual.

  • ASP.NET Request Validation Bypass

    …and why you should report it (maybe).

  • XSS Without Dots

    A site that I discovered was echoing everything on the query string and POST data into a <div> tag.

  • CSRF Mitigation for AJAX Requests

    To start with, a quick recap on what Cross-Site Request Forgery is:

  • To Be (Enumerated) Or Not To Be

    Are user enumeration vulnerabilities a real security concern? User enumeration is when an application reveals whether a user exists to other users.

  • Unterminated XSS

    I recently came up against the following injection (simplified for the purposes of this post):

  • Umbraco LFI Exploitation

    I mentioned a Local File Inclusion vulnerability (LFI) that I discovered in Umbraco without realising it wasn't patched by the update at the time. Well, as promised here are the details on how to exploit it.

  • Security Flaw or Functional Flaw?

    Having worked as a developer for over ten years before branching into pentesting, I always aimed to bake security into my work, even if I didn’t have the wealth of knowledge that I now have in order to do my day job.

  • Umbraco 0-day

    During a pentesting engagement a couple of years ago I came across an undocumented security vulnerability in Umbraco, more specifically with the ClientDependency library.
