Article discussing two remote code execution vulnerabilities in Microsoft SharePoint. The content appears to be a blog index or archive page listing various security research posts by the author.
A SQL injection vulnerability was discovered in the login endpoint of bootcamp.nutanix.com where unsanitized user input in the email and password JSON parameters allowed extraction of database version information via error-based SQLi techniques. The vulnerability was exploited using simple quote injection and extractvalue() functions to trigger MySQL errors revealing system details.
A researcher discovered an SQL injection vulnerability in AutoTrader's webmail login (dealeremail.autotrader.co.uk) that allowed authentication bypass using the payload admin'–' in both username and password fields, gaining unauthorized access to the admin panel. The vulnerability was reported through the bug bounty program and was subsequently patched.
Researcher Josip Franjković documented multiple race condition vulnerabilities discovered in Facebook, DigitalOcean, and LastPass that allowed attackers to bypass single-action restrictions by sending concurrent requests—including inflating page reviews, creating multiple usernames, and redeeming promo codes multiple times. All bugs were subsequently fixed and disclosed through responsible disclosure timelines.
A Server-Side Request Forgery (SSRF) vulnerability was discovered in DownNotifier that allowed enumeration of local services through XSPA attacks by bypassing loopback address filters using the 0.0.0.0 address. The vulnerability enabled detection of running services like FTP and HTTP on the server.
A bug bounty hunter documents two SQL injection vulnerabilities discovered in a private program, both protected by WAF (Web Application Firewall) that blocks requests randomly. The author develops Python scripts that exploit timing and retry logic to overcome WAF blocking mechanisms—one using repeated requests when WAF returns maintenance errors, and another using multiple retries to differentiate between WAF-generated and server-generated error responses.
A writeup on bypassing a Web Application Firewall (WAF) to exploit a blind SQL injection vulnerability discovered during security research. The article documents the techniques used to evade WAF detection while exploiting the underlying database vulnerability.
A developer at Stripe relied on client-side HTML class disabling during account lockout/session timeout, allowing an attacker with a logged-in session to use browser inspect element to remove the disabled class and bypass authentication checks to invite themselves as an administrator. The vulnerability was fixed after responsible disclosure with a $500 bounty.
A blind SQL injection vulnerability in a PostgreSQL LIMIT clause was exploited by using ASCII conversion to extract database information through response-based inference. The attacker created 127 albums and used nested `ascii(substr())` functions to convert extracted characters into numeric values that controlled the LIMIT clause row count, allowing information extraction by counting returned results.
A CSRF vulnerability was discovered in a web application's address deletion feature that lacked CSRF token protection, compounded by a predictable numeric addressId parameter that could be brute-forced via JavaScript to delete arbitrary user addresses. The researcher developed a proof-of-concept that sends hundreds of requests with sequential addressId values from a victim's browser to identify and delete their saved addresses.