corben.io

infosec write-ups and ramblings

Author: Corben Leo

Advanced CORS Exploitation Techniques

I've seen some fantastic research done by Linus Särud and by Bo0oM on how Safari's handling of special characters could be abused:
https://labs.detectify.com/2018/04/04/host-headers-safari/
https://lab.wallarm.com/the-good-the-bad-and-the-ugly-of-safari-in-client-side-attacks-56d0cb61275a
Both article…


Chaining Bugs to Steal Yahoo Contacts!

๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ป Introduction & Background:This is a write-up of how I chained two vulnerabilities (an XSS and a CORS misconfiguration) that allowed me to steal contacts from a victim's contact book. This data included: names, phone numbers, addresses, etc. โœ— Cross-Origin-Resource SharingCross-Origin Res…


SQL Injection in rog.asus.com

🔎 Introduction & Background: To get started, I'll give a bit of backstory behind this. I found this bug back in January of 2017 and was one of the first reports I made to a company. I was bored back in January so I decided to hunt for bugs in *.asus.com. After about an hour I came across rog.as…
