Popular Posts
-
TL;DR OAuth2 sucks. Please don't think about OAuth2 as about the next generation of OAuth1. They are completely different like colors: ... -
" Thanks! " to many of you, who shared the following promotion for J.Crew Factory. J.Crew is offering Factory Store shoppers a... -
TL;DR We (me and @isciurus ) chained several different bugs in Facebook, OAuth2 and Google Chrome to craft an interesting exploit. Mallory... -
Playing with 302-based header injection (majority of web servers is not vulnerable to it btw) i found one tricky neat bug which can be reall...
-
Try to run this simple app: require 'sinatra' get '/' do redirect params[:to] if params[:to].start_with? 'http://host....
-
TL;DR Every website with "Connect Facebook account and log in with it" is vulnerable to account hijacking. Every website relying o... -
TL;DR: You have access to internal frames of any (frameable) website. And you can change their locations. And internal frames of internal f... -
I discovered [1, nil] attack, but while i was checking unsafe query generation and DoS with symbols people on twitter found RCE for YAML thr...
-
TL;DR ///host.com is parsed as relative-path URL by server side libraries, but Chrome and Firefox violate RFC and load http://host.com inst...
