Today I would like to tell you about an interesting chain of low-impact vulnerabilities, which led me to the exploitation of a full XSS. At the end of the article I will also show you the HTML page that was the final exploit. In order to execute the reflected XSS, I used together vulnerabilities such as ClickJacking, CSRF and a self DOM-based XSS.
Hello everyone. This is my second blog post, in which I want to tell you how I managed to get a Blind Local SSRF (P2) instead of an External SSRF (P4). Unfortunately, I can’t disclose the vulnerable application, so instead of screenshots I will be using cute kittens or funny gifs.
Often, when you write the code that is responsible for file uploading, you check the extension of the uploaded file using a “whitelist” (only files with certain extensions can be uploaded) or a “blacklist” (any file whose extension is not on the list can be uploaded).
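The two approaches behave very differently once a file name is not exactly what the author of the check had in mind. The following is an added example, not code from the article: it puts a naive blacklist check next to an allowlist check that normalizes the extension first (basename only, last extension, lower-cased), and runs both over a few constructed file names. The extension sets and the sample names are assumptions made up for the demonstration.

```python
"""Allowlist vs. blacklist extension checks for an upload handler.

Added example; not code from the original article. The extension sets
and the file names below are constructed for illustration only.
"""
import os

# Constructed sets for the demonstration; a real application derives
# these from the file types it actually needs to accept.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}
BLOCKED_EXTENSIONS = {"php", "asp", "aspx", "jsp", "exe"}


def _final_extension(filename: str) -> str:
    """Return the last extension of a file name, lower-cased, without the dot.

    Only the basename is considered, so path components supplied by the
    client ("../avatar.jpg") cannot influence the result, and the value is
    lower-cased so that "report.PDF" and "report.pdf" compare the same.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    _, ext = os.path.splitext(base)
    return ext.lstrip(".").lower()


def blocklist_allows(filename: str) -> bool:
    """Blacklist check as it is often written: the raw extension is compared
    case-sensitively against a list of known-bad extensions, and anything
    not on that list (including a missing extension) is accepted."""
    _, ext = os.path.splitext(filename)
    return ext.lstrip(".") not in BLOCKED_EXTENSIONS


def allowlist_allows(filename: str) -> bool:
    """Whitelist check: accept only a normalized extension from the known-good
    set. A missing extension, or one not on the list, is rejected, so an
    unexpected variant has nothing to slip through."""
    ext = _final_extension(filename)
    return ext != "" and ext in ALLOWED_EXTENSIONS


def compare(filenames):
    """Map each file name to (blacklist accepts, allowlist accepts)."""
    return {name: (blocklist_allows(name), allowlist_allows(name)) for name in filenames}


if __name__ == "__main__":
    # Constructed sample names exercising both checks.
    samples = ["photo.png", "report.PDF", "script.php", "script.PHP", "noext", "../avatar.jpg"]
    for name, (bl_ok, al_ok) in compare(samples).items():
        print(f"{name:15} blacklist accepts: {bl_ok!s:5}  allowlist accepts: {al_ok}")
```

Running the block shows the asymmetry: the blacklist rejects `script.php` but accepts `script.PHP` and the extension-less `noext`, because it only knows what to refuse, while the allowlist accepts exactly the image and PDF names and nothing else. Extension checks of either kind are only one layer; the file's content still has to be validated separately.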