A developer's notes in the world of security research and bug bounty, by pmnh
open-menucloseme
Home
About
github twitter rss

  • Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API

    calendar Jun 29, 2023 · 16 min read · writeup xss graphql hackerone  ·
    Share on: twitter facebook linkedin copy

    Stored XSS to Account Takeover (ATO) via GraphQL API Late last year on HackerOne during an LHE (this is only important later due to an extreme time crunch), I found an extremely challenging vulnerability on a major brand's web site involving several layers of exploitation ultimately resulting in a stored XSS payload …


    Read More

  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

    calendar Dec 4, 2022 · 10 min read · writeup rce bugcrowd waf  ·
    Share on: twitter facebook linkedin copy

    Summary This writeup talks about a successful collab that I did with Dark9T (@UsmanMansha) on a private program hosted on Bugcrowd. We ended up able to bypass Akamai WAF and achieve Remote Code Execution (P1) using Spring Expression Language injection on an application running Spring Boot. This was the 2nd RCE via SSTI …


    Read More

Disclaimer

The opinions expressed on this site are my own personal opinions and do not represent my employer’s view in any way. All content on this site should be used for legal, research purposes only on assets you are permitted to test. The author expressly disclaims any and all liability from misuse of material on this site.

Featured Posts

  • Howto: Use Burp Hackvertor Plugin to Re-sign Requests
  • Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

Recent Posts

  • Howto: Use Burp Hackvertor Plugin to Re-sign Requests
  • Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
  • CTF Writeup: 2023 DeadSec CTF: Trailblazer
  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
  • Reflecting on 2 Years of Bug Bounty
  • CTF Writeup: 2022 HTB Cyber Apolcalypse Web Challenge: Genesis Wallet
  • LuxCal 5.1.x and below Authentication Bypass: CVE-2021-45914, CVE-2021-45915
  • Advanced sqlmap Case Study

Tags

CTF 2 RCE 2 WRITEUP 2
All Tags
ADVANCED1 AUTHENTICATION1 BUGCROWD1 BURP1 CSRF1 CTF2 CVE1 GRAPHQL1 HACKERONE1 HACKVERTOR1 HOWTO1 INDEX1 LEARNING1 NODEJS1 PYTHON1 RCE2 SQLI1 SQLMAP1 TUTORIAL1 VARNISH1 WAF1 WEB1 WRITEUP2 XSS1
[A~Z][0~9]
A developer's notes in the world of security research and bug bounty, by pmnh

Copyright  A DEVELOPER'S NOTES IN THE WORLD OF SECURITY RESEARCH AND BUG BOUNTY, BY PMNH. All Rights Reserved

to-top