CentreStack Disclosure
Note: Updated 6/9/2023 to update official CVE IDs White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload […]
Author: Michael Rand
Exploiting Oracle Databases With ODAT
ODAT ODAT (Oracle Database Attacking Tool) is “an open source penetration testing tool that tests the security of Oracle Databases remotely” (1). The goal of the tool is to help […]
Blind XSS & GCP Functions: GCPXSSCanary
An Intro to Blind XSS & Secure GCP Functions During a recent engagement, I ran across an instance of potential Blind Cross-Site Scripting (XSS) while pentesting a web application. I […]
GraphQL Batching Attacks: Turbo Intruder
Exploiting GraphQL Batching Attacks Using Turbo Intruder What Are Batching Attacks In GraphQL? GraphQL allows for multiple queries to be sent to the server in one single request in order […]
Fishbowl Disclosure: CVE-2022-29805
Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]
Screenshot Tool: Part 6 – Which Tool Is Best?
Comparing Automated HTTP Screenshot Tools At last, the finale! For our last Screenshot Tool blog post, White Oak Security will be putting the top 5 HTTP screenshot tools that are […]
Screenshot Tool: Part 5 – Aquatone
Reviewing Automated HTTP Screenshot Tools Another blog, another screenshot tool for our Screenshot Tool blog series! This White Oak Security series reviews a few of the top HTTP screenshot tools […]
Screenshot Tool: Part 4 – Gowitness
Reviewing Automated HTTP Screenshot Tools Thanks for continuing with us in our Screenshot Tool blog series, where White Oak Security reviews a few of the top HTTP screenshot tools that […]
Screenshot Tool: Part 3 – Snapback
Reviewing Automated HTTP Screenshot Tools Welcome back to our Screenshot Tool blog series, where White Oak Security is reviewing some of the top HTTP screenshot tools that are currently available […]
Screenshot Tool: Part 2 – WitnessMe
Reviewing Automated HTTP Screenshot Tools In our Screenshot Tool blog series, White Oak Security is reviewing some of the top HTTP screenshot tools that are currently available for penetration testers […]