Invision Power Board is a very popular paid forum software. I decided to audit it and initially found a few stored XSS vulnerabilities in the admin panel, all had a low impact, so I didn't report them. I then came across the Announcements function in the Moderator Control Panel. Essentially this fun…
Corben Leo
I was pentesting AT&T to see if I could find a vulnerability (as one does), around 4-5 days after CVE-2017-5638 was released. Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 are vulnerable to Server-Side Template Injection, which allows attackers to execute commands on any vulne…
Corben Leo
I got bored one day and somehow thought of AOL for some reason, so I decided to see if I could find any vulnerabilities in mail.aol.com. Initially I tried looking in the signature, since it allowed HTML. I did find an XSS there, but it was self-xss, because when you sent an email with the malicious…
Corben Leo
So you’ve found a page that’s vulnerable to Local File Inclusion: You do some testing to leverage this vulnerability to RCE, but nothing's working. Null bytes don't work, /proc/self/environ doesn't work, and wrappers that lead to RCE such as data:// or php://input do not work either. Don't give up…
Corben Leo