corben.io



infosec write-ups and ramblings



Corben Leo
Author


Advanced CORS Exploitation Techniques

I've seen some fantastic research done by Linus Särud and by Bo0oM on how Safari's handling of special characters could be abused.
https://labs.detectify.com/2018/04/04/host-headers-safari/
https://lab.wallarm.com/the-good-the-bad-and-the-ugly-of-safari-in-client-side-attacks-56d0cb61275a
Both article…


Chaining Bugs to Steal Yahoo Contacts!

👨🏻‍💻 Introduction & Background: This is a write-up of how I chained two vulnerabilities (an XSS and a CORS misconfiguration) that allowed me to steal contacts from a victim's contact book. This data included: names, phone numbers, addresses, etc. ✗ Cross-Origin Resource Sharing: Cross-Origin Res…
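The CORS misconfiguration the excerpt above refers to is usually a server that reflects the request's Origin header into Access-Control-Allow-Origin while also sending Access-Control-Allow-Credentials: true, which lets any page the victim visits read the victim's authenticated responses. The following is an added example, not code from the post or from corben.io: it models such a handler beside a hardened allowlist version, emulates the browser's check for credentialed responses, and probes both with attacker-controlled origins. The trusted-origin list and the probe origins are hypothetical.

```javascript
// Added example (not from the original post). Models the server side of a
// reflected-Origin CORS misconfiguration and the browser-side readability
// check, then probes vulnerable and hardened handlers offline.
// The origins below are hypothetical and constructed for the demo.

const TRUSTED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Vulnerable handler: reflects whatever Origin the browser sent and
// allows credentials, so any site can read a logged-in user's data.
function corsHeadersVulnerable(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened handler: exact-match allowlist (no prefix/suffix matching, no
// "null"), plus Vary: Origin so a shared cache never serves one origin's
// allow header to another.
function corsHeadersHardened(requestOrigin) {
  if (!requestOrigin || !TRUSTED_ORIGINS.has(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Emulates the browser's CORS check for a request sent with credentials:
// the page at `pageOrigin` may read the response only if ACAO equals it
// exactly (a "*" wildcard is rejected for credentialed requests) and
// Allow-Credentials is literally "true".
function responseReadable(pageOrigin, headers) {
  const acao = headers['Access-Control-Allow-Origin'];
  const acac = headers['Access-Control-Allow-Credentials'];
  return acao === pageOrigin && acac === 'true';
}

// Probe a handler the way one would test a live endpoint: send a series of
// origins and record which of them could read a credentialed response.
function probe(handler) {
  const origins = [
    'https://app.example.com',          // legitimate first-party origin
    'https://evil.example.net',         // arbitrary attacker site
    'https://app.example.com.evil.net', // would beat a naive prefix check
    'null',                             // sandboxed iframe / data: URL
  ];
  return Object.fromEntries(
    origins.map((o) => [o, responseReadable(o, handler(o))])
  );
}

// Stand-alone run: shows every probe origin succeeding against the
// vulnerable handler and only the allowlisted one against the hardened one.
console.log('vulnerable:', probe(corsHeadersVulnerable));
console.log('hardened:  ', probe(corsHeadersHardened));
```

When testing a real endpoint, the same probe is a credentialed fetch from a page on a throwaway origin; if the response is readable there, the data it contains (in the write-up, the contact book) is exfiltratable by any site the victim visits while logged in.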
