Hacktive Security Blog

Dynamic caching: What could go wrong?

27 July 2022 at 08:47
Tl;Dr: The Engintron plugin for CPanel ships with a default configuration which could expose applications to account takeover and / or sensitive data exposure due to cache poisoning attacks. Whenever a client sends a request to a web server, the response is processed and served by the back-end service each time. In case of a high […]

Intigriti November XSS Challenge

21 November 2021 at 23:00
The bug bounty program Intigriti hosts an XSS challenge every month. This time, the challenge was about bypassing CSP by reloading a VueJS instance, making it possible to exploit a client-side template injection. My solution can be summarized in 4 main steps: finding a reflection and achieving HTML injection; accessing an abusable piece of code, containing […]

Hacking the Dutch government

5 April 2023 at 08:05
A few months ago I found out that the Dutch government is hosting a bug-bounty program that covers a lot of assets from their infrastructure. The program scope available at appears to be really wide, with more than 1000 targets, which allowed me to find some interesting applications by running some basic passive subdomain enumeration […]