This post will be updated with more information soon. A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. Proof-of-Concept: By utilizing the built-in markdown editing, Continue Reading
As of lately, I’ve been trying to level-up my Web App knowledge by going through some Portswigger Web Academy labs and articles. Recently, I’ve just finished the 30 labs required to complete the Cross-Site Scripting (XSS) section, and have really been enjoying it. Since I’ve had a couple people ask Continue Reading
Backstory: During my summer “break” at college, I decided to take on a security related project. I was trying to think of something fun and semi-useful for myself, but I couldn’t think of anything interesting to do off the top of my head. As I was currently enrolled in a Continue Reading
PREP Gathering some good ol’ links here that should be beneficial in some way for my pursuit of the OSCP. Got many of these links from other people and from scrolling through reddit r/asknetsec, r/netsecstudents.