Oauth Misconfiguration lead to complete account takeover

A collection of posts on ethical hacking

If you're a penetration tester, there are numerous tools you can use to help you accomplish your goals.

One night I was sitting and decided to look at the security of Uber infrastructure, launched a scanner and my eye caught on the host data-07.uberinternal.com I charged nmap, port 9000 was found. It was an obscure web service - Portainer.

HTML injection is an attack very similar to Cross-site Scripting (XSS), whereas in XSS the attacker can inject and execute Javascript code, in HTML injection attack it allows only the injection of certain HTML tags.

The adoption of Unicode has also introduced a whole host of attack vectors onto the Internet. And today, let’s talk about some of these issues!

So let’s make the assumption you’re in tech already and want to change streams to cyber, where do you begin!

The Mozilla Observatory has helped over 170,000 websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.

JSON web tokens are a type of access tokens that are widely used in commercial applications. They are based on the JSON format and includes a token signature to ensure the integrity of the token. Today, we are going to talk about the security implications of using JSON web tokens (and signature-based tokens in general), and how they can be exploited by attackers to bypass access control.

Regex is everywhere on the Internet nowadays. Downing Servers With Evil Regular Expressions. But can regex also lead to vulnerabilities? Today, let’s explore how attackers can exploit poorly…