CVE-2024-50379 is a critical TOCTOU race condition in Apache Tomcat's JSP compilation that enables remote code execution on case-insensitive file systems when the default servlet is misconfigured with write permissions enabled. The article provides a technical PoC demonstrating exploitation by uploading benign and malicious JSP files that differ only in case (file.jsp vs. FILE.JSP) on Windows systems.
A CORS misconfiguration on api.artsy.net allowed attackers to exfiltrate sensitive user data (email, phone, authentication tokens, etc.) by crafting a malicious webpage that leverages the overly permissive Access-Control-Allow-Credentials and Access-Control-Allow-Origin headers to make cross-origin requests with victim credentials.
A subdomain takeover vulnerability was discovered on live.lamborghini.com where an expired CloudFront distribution CNAME allowed an attacker to claim the subdomain by creating their own AWS S3 bucket and CloudFront distribution. The researcher demonstrated the attack by registering the subdomain and uploading malicious content, highlighting the risk of phishing and impersonation attacks.
CVE-2017-5244 is a CSRF vulnerability in Metasploit commercial editions (Express, Community, Pro <4.14.0) where GET requests to stop/stop_all task routes were not properly validated, allowing attackers to kill all running Metasploit tasks via malicious JavaScript injection. The vulnerability exploited missing CSRF token validation and improper HTTP method enforcement.
A researcher chained a CSRF vulnerability with a stored XSS flaw to create persistent XSS attacks. By leveraging missing CSRF protection on a template creation endpoint and exploiting HTML/SVG injection in description fields, an attacker could trick victims into creating malicious templates that execute JavaScript when viewed.