corben.io


infosec write-ups and ramblings

Corben Leo


Advanced CORS Exploitation Techniques

I've seen some fantastic research done by Linus Särud and by Bo0oM on how Safari's handling of special characters could be abused. https://labs.detectify.com/2018/04/04/host-headers-safari/ https://lab.wallarm.com/the-good-the-bad-and-the-ugly-of-safari-in-client-side-attacks-56d0cb61275a Both article…

Corben Leo

Chaining Bugs to Steal Yahoo Contacts!

👨🏻‍💻 Introduction & Background: This is a write-up of how I chained two vulnerabilities (an XSS and a CORS misconfiguration) that allowed me to steal contacts from a victim's contact book. This data included: names, phone numbers, addresses, etc. ✗ Cross-Origin Resource Sharing: Cross-Origin Res…

Corben Leo