StackStorm (aka “IFTTT for Ops”) is event-driven automation for auto-remediation, security responses, troubleshooting, deployments, and more. In this blog post I will describe how you can cause RCE on targeted servers, which only requires an authenticated user to browse to a malicious webpage.
Google fixed this a year after I reported this bug and yet refused to accept this as a vulnerability; got no luck with bug bounties haha.
According to wordpress.com, the WordPress platform powers 29% of websites worldwide.
In this blog post I will give a short example of exploiting a CSRF vulnerability in Geminabox.
Geminabox, an application that allows you to manage your internal gems, was vulnerable to CSRF on file upload.
While we are on Facebook, we often share links to external sources, like YouTube, Google Drive, Instagram, or any other websites.
GitHub - https://github.com/Quitten/Autorize
In this blog post I will discuss an XSS vulnerability I’ve found in the AliExpress website.
In this blog post I will discuss a vulnerability I’ve found in the SoapUI product before version 4.6.4 (CVE-2014-1202).