They were very quiet about this one..
The Case of the Missing Cache Keys
Typically when the words 'Cache-Poisoning' are uttered, the first thing that comes to mind is HTTP headers. This ranges from the legendary 'Transfer-Encoding' CPDoS that tore down entire default CDN implementations, to the simple yet effective application leaning issues such as reflection of 'Cookie' values in the source (I ❤️ double-submit CSRF for XSS) or …
Protected: Salesforce Lightning – An in-depth look at exploitation vectors for the everyday community
There is no excerpt because this is a protected post.
Protected: Priv8 VisualForce Tricks
There is no excerpt because this is a protected post.
SOP Bypass via browser-cache
Introduction: Whilst hunting for security issues on Keybase.io's public HackerOne program, I noticed that several API endpoints had CORS enabled. For those who are not familiar with CORS, it allows for a site to relax the SOP so that other domains may interact with (most often) a web API. In this article I'll discuss how …
Protected: CPDos – Akamai’s RFC Nightmare
There is no excerpt because this is a protected post.