The Apiculture challenges are dedicated to API attacks. The second level basically looks like a webpage dedicated to beehives:
Continue reading Apiculture 2 write-upTag: web
Apiculture 1 write-up
The Apiculture challenges are dedicated to API attacks. It is basically a honey’s addict website:
Continue reading Apiculture 1 write-upMagento – RCE & Local File Read with low privilege admin rights
I regularly search for vulnerabilities on big services that allow it and have a Bug Bounty program. Here is a second paper which covers two vulnerabilities I discovered on Magento, a big ecommerce CMS that’s now part of Adobe Experience Cloud. These vulnerabilities have been responsibly disclosed to Magento team, and patched for Magento 2.3.0, 2.2.7 and 2.1.16.
Continue reading Magento – RCE & Local File Read with low privilege admin rightsAbuser le filtre XSS pour faciliter une attaque de ClickJacking
Le clickjacking est une attaque relativement répandue visant les utilisateurs d’un site vulnérable X. L’idée est de faire cliquer l’utilisateur sur un endroit du site en question sans qu’il ne s’en rende compte. Le plus souvent, cela est fait en utilisant une iframe cachée sous la souris de l’utilisateur.
Continue reading Abuser le filtre XSS pour faciliter une attaque de ClickJacking