albinowax_'s submissions

1.		Drag and Pwnd: Exploiting VS Code with ASCII (portswigger.net)
		1 point by albinowax_ on May 7, 2025 \| past
2.		Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information (embracethered.com)
		4 points by albinowax_ on Aug 28, 2024 \| past
3.		Chaining Three Bugs to Access All Your ServiceNow Data (assetnote.io)
		2 points by albinowax_ on July 11, 2024 \| past
4.		ORM Leak Vulnerabilities (elttam.com)
		1 point by albinowax_ on June 25, 2024 \| past
5.		Hacking millions of modems and investigating who hacked my modem (samcurry.net)
		838 points by albinowax_ on June 3, 2024 \| past \| 271 comments
6.		Getting XXE in Web Browsers Using ChatGPT (ptsecurity.com)
		1 point by albinowax_ on May 22, 2024 \| past
7.		Response Filter Denial of Service: shut down a website by triggering WAF rule (sicuranext.com)
		95 points by albinowax_ on May 21, 2024 \| past \| 26 comments
8.		Source Code Disclosure in Asp.net via Cookieless Sessions (ptsecurity.com)
		1 point by albinowax_ on March 7, 2024 \| past
9.		ChatGPT Account Takeover via Wildcard Web Cache Deception (nokline.github.io)
		4 points by albinowax_ on Feb 12, 2024 \| past
10.		Detection and Exploitation of Ivanti's Pulse Connect Secure RCE (assetnote.io)
		1 point by albinowax_ on Jan 19, 2024 \| past
11.		The curl quirk that exposed Burp Suite and Google Chrome (portswigger.net)
		1 point by albinowax_ on March 28, 2023 \| past \| 1 comment
12.		Remote code execution in Homebrew by compromising the official Cask repository (ryotak.me)
		4 points by albinowax_ on April 21, 2021 \| past
13.		Brave browser’s Tor feature found to leak .onion queries to ISPs (portswigger.net)
		2 points by albinowax_ on Feb 19, 2021 \| past
14.		Cracking reCAPTCHA, Turbo Intruder Style (portswigger.net)
		1 point by albinowax_ on Nov 21, 2019 \| past
15.		The age of browser XSS filters is over (portswigger.net)
		3 points by albinowax_ on July 16, 2019 \| past
16.		Significant new web hacking techniques from 2018 (portswigger.net)
		1 point by albinowax_ on Feb 28, 2019 \| past
17.		Abusing Meta Programming for Unauthenticated RCE in Jenkins (blog.orange.tw)
		1 point by albinowax_ on Feb 19, 2019 \| past
18.		Turbo Intruder: Embracing the Billion-Request Attack (portswigger.net)
		2 points by albinowax_ on Jan 28, 2019 \| past
19.		An overview of the top web hacking techniques of 2017 (portswigger.net)
		144 points by albinowax_ on Oct 11, 2018 \| past \| 11 comments
20.		Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirects great (bentkowski.info)
		2 points by albinowax_ on July 24, 2018 \| past
21.		Exploiting Open-XChange with Blind XXE via Powerpoint Files (hackerone.com)
		1 point by albinowax_ on July 23, 2018 \| past
22.		Detecting Same-Origin Redirections with a Bug in Firefox's CSP Implementation (shift-js.info)
		1 point by albinowax_ on July 23, 2018 \| past
23.		Cloudflare, Fastly, Mozilla and Apple Working on SNI Encryption for TLS 1.3 (ietf.org)
		3 points by albinowax_ on July 20, 2018 \| past
24.		Evading CSP with DOM-based dangling markup (portswigger.net)
		1 point by albinowax_ on July 20, 2018 \| past
25.		XSS protection disappears from Microsoft Edge (portswigger.net)
		1 point by albinowax_ on July 19, 2018 \| past
26.		Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution (bishopfox.com)
		2 points by albinowax_ on June 14, 2018 \| past
27.		What website are you really on? Edge zero-day leaves users with no clue (portswigger.net)
		2 points by albinowax_ on May 3, 2018 \| past
28.		CSS-in-JS security issues (reactarmory.com)
		2 points by albinowax_ on Sept 5, 2017 \| past
29.		JSON hijacking for the modern web (portswigger.net)
		3 points by albinowax_ on Nov 29, 2016 \| past
30.		Exploiting CORS Misconfigurations for Bitcoins and Bounties (portswigger.net)
		1 point by albinowax_ on Oct 18, 2016 \| past
		More

HN For You