corben.io

corben.io


infosec write-ups and ramblings

Tags


Corben Leo

infosec write-ups and ramblings


Advanced CORS Exploitation Techniques

I've seen some fantastic research done by Linus Sรคrud and by Bo0oM on how Safari's handling of special characters could be abused. https://labs.detectify.com/2018/04/04/host-headers-safari/https://lab.wallarm.com/the-good-the-bad-and-the-ugly-of-safari-in-client-side-attacks-56d0cb61275aBoth article…

Corben Leo Corben Leo

Chaining Bugs to Steal Yahoo Contacts!

๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ป Introduction & Background:This is a write-up of how I chained two vulnerabilities (an XSS and a CORS misconfiguration) that allowed me to steal contacts from a victim's contact book. This data included: names, phone numbers, addresses, etc. โœ— Cross-Origin-Resource SharingCross-Origin Res…

Corben Leo Corben Leo

SQL Injection in rog.asus.com

๐Ÿ”Ž Introduction & BackgroundTo get started, I'll give a bit of backstory behind this. I found this bug back in January of 2017 and was one of the first reports I made to a company. I was bored back in January so I decided to hunt for bugs in *.asus.com. After about an hour I came across rog.as…

Corben Leo Corben Leo