サクサク読めて、アプリ限定の機能も多数!
トップへ戻る
アメリカ大統領選
labs.detectify.com
Account hijacking using “dirty dancing” in sign-in OAuth-flows Combining response-type switching, invalid state and redirect-uri quirks using OAuth, with third-party javascript-inclusions has multiple vulnerable scenarios where authorization codes or tokens could leak to an attacker. This could be used in attacks for single-click account takeovers. Frans Rosén, Security Advisor at Detectify goes t
Middleware, middleware everywhere – and lots of misconfigurations to fix tl;dr Detectify Crowdsource found some interesting middleware misconfigurations and potential exploits that, if left unchecked, leaves your web applications vulnerable to attack. Last year, Detectify’s security research team looked at various middleware, primarily for Nginx web servers, load balancers and proxies. We’ve found
Imagine what could happen if the country-code top-level domain (ccTLD) of a sovereign state fell into the wrong hands. Here’s how I (@Almroot) bought the domain name used in the NS delegations for the ccTLD of the Democratic Republic of Congo (.cd) and temporarily took over 50% of all DNS traffic for the TLD that could have been exploited for MITM or other abuse. Note: This issue has been resolved
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token TLDR; I was able to create a malicious page that would reconnect your Slack WebSocket to my own WebSocket to steal your private Slack token. Slack fixed the bug in 5 hours (on a Friday) and paid me $3,000 for it. Recently a bug I found in Slack was published on HackerOne and I wanted to explain it, and the method
Note: This issue has already been resolved and pushed to the Lastpass users. Stealing all your passwords by just visiting a webpage. Sounds too bad to be true? That’s what I thought too before I decided to check out the security of the LastPass browser extension. For those who don’t know, LastPass is one of the world’s most popular password managers. I started by noticing that the extension added
Popular Google Chrome extensions are constantly tracking you per default, making it very difficult or impossible for you to opt-out. The Detectify team has identified how they are doing it and what options you have to avoid being affected by it. These extensions will receive your complete browsing history, all your cookies, your secret access-tokens used for authentication (i.e., Facebook Connect)
The Chrome XSS Protection (also known as XSS auditor) checks whether a script that’s about to run on a web page is also present in the request that fetched that web page. If the script is present in the request, that’s a strong indication that the web server might have been tricked into reflecting the script. So in short, it blocks reflected XSS attacks. A couple of months ago I discovered that th
このページを最初にブックマークしてみませんか?
『Detectify Labs - Writeups, ethical hacker insights, security guidance』の新着エントリーを見る
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く