Olivia
Online
Karel Origin
@Karel_Origin
Nederland
Joined March 2016
130 Following
1.9K Followers
1.5K Posts
@_jensec If your job's current state of vulnerability management is an absolute mess, let me know; we can probably be helpful there 😄
@_jensec Shameless bit of self-promotion here: I've been working on https://t.co/kX7EDdIrdd for a few years now, and we're doing really solid, unique, interesting work to address challenges in the CVE ecosystem
@volosh_sec @galnagli @n8n_io I believe n8n can be self-hosted, so a privilege requirement seems in order
@albinowax This is pretty interesting though because the statefulness occurs at the transport layer.
I don't think this is as much validation as it is routing. A reverse proxy will likely use the initial host header to determine what the destination should be which will persist for as long as the connection is alive. However, I only see the SSRF occur in very specific scenario's: e.g. an upstream server takes arbitrary host headers but isn't bound to a known list, unlike the first proxy.
@jobertabma They called me a mad man
https://t.co/41iBmwRYuq
@Hacker0x01 Can we put this on a t-shirt? Doesn't have to be animated.
Launching today!
Volerion transforms raw CVEs into structured and instant insights
#CVE #CyberSecurity #infosec
@alxbrsn What's the square root of 49
@slonser_ @terjanq @serverinspector Ah I see, it's always been so obvious to me that cross-origin navigations are allowed that I never thought to check. Doesn't look like any kind of cross-origin interactions are allowed either
@terjanq @slonser_ @serverinspector Under the assumption that the vulnerable page is frameable, an attacker could extract the blob URL via the technique in the original post, poll the attacker server (client-side) for the extracted blob URL, then navigate the top frame to the extracted URL
@slonser_ @serverinspector If the vulnerable page is frameable, you can poll your server (or websockets), let the browser wait for the received blob, and redirect to it. Becomes more of a dev issue at that point
@rubickcuv5 @Mr_Dark55 I'm not disputing the existence of the issue, but the original post wasn't a valid demonstration of the vulnerability🙂
@0xAsm0d3us What is this payload attempting to achieve? The confirm call is not obfuscated, making it no different than just invoking it directly
@hakluke Is it PHP code by any chance? /s
@intidc Gecondoleerd Inti, veel sterkte voor jou en je familie
@fwrnr @yaswanth__03 @Bugcrowd I should probably clarify that it doesn't "lead to open redirect". Assuming that the above applies here, then it's just incorrect usage of "open redirect" and a better title would be something along the lines of: "XSS allows page navigation"
Which is still an unusual PoC for XSS
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.6M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers