we faced (w/ @celalerdik) an interesting ssti vulnerability on a bugcrowd program. we could show the traditional '49' number when trying the ${7*7} payload, and we could also execute the assign directive reference like below…
There can be many variables in the application such as "id", "pid", "uid". Although these values are often seen as HTTP parameters, they can also be found in headers and cookies…
in one private program at bugcrowd, i came across three different open redirect methods…
less & sass suddenly came to my mind when researching css injection attacks…
twitter sends you an e-mail when someone follows you, when someone favorites your tweets, etc…