MasterPass and PayPal
4 Mar 2012
Popular Posts
OAuth1, OAuth2, OAuth...?
TL;DR OAuth2 sucks. Please don't think about OAuth2 as about the next generation of OAuth1. They are completely different like colors: ...
J.Crew Factory: Get 50% off the entire store
"Thanks!" to many of you who shared the following promotion for J.Crew Factory. J.Crew is offering Factory Store shoppers a...
Two "WontFix" vulnerabilities in Facebook Connect
TL;DR Every website with "Connect Facebook account and log in with it" is vulnerable to account hijacking. Every website relying o...
How we hacked Facebook with OAuth2 and Chrome bugs
TL;DR We (me and @isciurus ) chained several different bugs in Facebook, OAuth2 and Google Chrome to craft an interesting exploit. Mallory...
Octocat Tattoo
of course it's not a real one
Rails 'params' #2
I discovered the [1, nil] attack, but while I was checking unsafe query generation and DoS with symbols, people on Twitter found RCE for YAML thr...
J.Crew in the News: Prices the Same or Lower?
"Thanks!" to Cubbiccino (in this post), as well as others, who shared the following quotes from J.Crew (check...
J.Crew Updates Website with New Arrivals!
"Thanks!" to many of you, who let us know that J.Crew had an update to its website (click here to view online). There are s...
Path Encoding Vulnerability in https/www redirects.
Playing with 302-based header injection (the majority of web servers are not vulnerable to it, btw), I found one tricky neat bug which can be reall...
Turbo API: How to use CORS without Preflights
From official doc on Cross Origin Resource Sharing A header is said to be a simple header if the header field name is an ASCII case-ins...