Tag - web
Creating a Malicious Atlassian Plugin
Exploring the world of a possible supply chain attack, resulting in a compromised, malicious Confluence plugin
Auditing Atlassian Plugins, 53 0-Days Later
Explaining the process and tooling behind our way of auditing Atlassian plugins, 53 0Days later.
Collabora Online Stored XSS (CVE-2024-29182)
A Writeup for a Stored XSS we found in Collabora Online - CVE-2024-29182
COMfiltrat0r - Exfiltration via WebSerial
During a Data Loss Prevention audit, cyllective managed to find a way to copy files off a Windows computer that had USB storage blocked - introducing COMfiltrat0r
Auditing WordPress Plugins
A summarized post about security research of WordPress plugins and the explorational audit spree which followed
OctoberCMS Authenticated RCE (CVE-2022-21705)
Join us in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
OctoberCMS Authenticated RCE (CVE-2021-32649)
Follow along in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
Plone Authenticated RCE (CVE-2021-32633)
Join the journey into Plone CMS that lead us to discover an authenticated RCE vulnerability