SSRF

XXE
December 5th, 2018

XSS to XXE in Prince v10 and below (CVE-2018-19858)

Introduction:This is a vulnerability I found while participating in a bug-bounty program earlier this year. It affects Prince, a software that converts "HTML, XHTML, or one of the many XML-based document formats" to PDF. SummaryPrince (versions 10 and below) is vulnerable to XML External Entities (X…

Corben Leo

SSRF
December 17th, 2017

Hacking the Hackers: Leveraging an SSRF in HackerTarget

💻 Introduction:This is a write-up of an SSRF I accidentally found in HackerTarget and leveraged to get access to internal services! Please note that they don't have an active bug bounty program. 🤔 What is HackerTarget?HackerTarget is a service that provides access to online vulnerability scanners…

Corben Leo

corben.io

Tags

SSRF

XSS to XXE in Prince v10 and below (CVE-2018-19858)

Hacking the Hackers: Leveraging an SSRF in HackerTarget