Videos and tips about web security and bug bounty
GitLab 11.4.7 Remote Code Execution
Video write-up about the Real World CTF challenge "flaglab" that involved exploiting a GitLab 1day. Actually two CVEs were combined to achieve full remote code execution...
Do NOT use alert(1) in XSS
The alert(1) XSS payload doesn't tell you where the payload is executed. Choosing alert(document.domain) and alert(window.origin) instead tells you where the code is running, helping you determine whether you have a bug you can submit.
Authentication Bypass in CodeIgniter Due to Empty SQL Where Clause
A while ago I came across this tweet, showing off a weird authentication bypass. Based on my experience in auditing websites, this didn't make sense to me, so I tried to figure out the root cause. During this process I believe I have identified two potential coding anti-patterns