Frevvo Vulnerability Disclosure
White Oak Security discovered a “Zip Slip” Authenticated Remote Code Execution vulnerability in Frevvo Live Forms. Frevvo Live Forms is a workflow automation software used to automate processes and forms. […]
Application Security
Using DNS To Bypass SSRF Protections
On a recent web application penetration test, I identified a classic server-side request forgery (SSRF) vulnerability that used a Denylist in an attempt to prevent active exploitation. This post details […]
Blind XSS & GCP Functions: GCPXSSCanary
An Intro to Blind XSS & Secure GCP Functions During a recent engagement, I ran across an instance of potential Blind Cross-Site Scripting (XSS) while pentesting a web application. I […]
Burp Suite Macros – Reshaper Guide
Burp Suite Macros If you’ve performed web application pentests with Burp Suite for a while, you’ve certainly come across applications that don’t play nicely with Burp Suite’s out-of-the-box scanning. Perhaps […]
Fun With CORS
Cross-Origin Resource Sharing On a recent penetration test, we found an interesting misconfiguration that allowed us to use a CORS attack to steal session tokens directly. This made account compromise […]
Dockerizing A Web Testing Environment: Part 3
In the previous posts, part 1 and part 2, for this blog series we created an environment where we can test directory enumeration tools and adjust rate limiting. Let’s continue […]
Jenkins: Remote Execution Via Malicious Jobs
This article is a follow-up to Unauthenticated: Jenkins Edition where we discussed the dangers of unauthenticated access to the /script and /credentials pages of Jenkins systems. This article will focus […]
Modifying Java By Editing Bytecode
Modifying Compiled Java Executables By Editing Bytecode This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]
Server-Side Request Forgery Attack & Fix
SSRF Attack We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
Unauthenticated: XXE Edition
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]