Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

General

20 articles

PortSwigger Research General Jan 28

Bypassing character blocklists with unicode overflows

Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte.

T1598

PortSwigger Research →

PortSwigger Research General Jan 22

Stealing HttpOnly cookies with the cookie sandwich technique

In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers.

PortSwigger Research →

PortSwigger Research General Dec 4

Bypassing WAFs with the phantom $Version cookie

HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities.

PortSwigger Research →

PortSwigger Research General Oct 29

New crazy payloads in the URL Validation Bypass Cheat Sheet

The strength of our URL Validation Bypass Cheat Sheet lies in the contributions from the web security community, and today’s update is no exception.

PortSwigger Research →

PortSwigger Research General Oct 23

Concealing payloads in URL credentials

Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL .

T1598

PortSwigger Research →

PortSwigger Research General Sep 3

Introducing the URL validation bypass cheat sheet

URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection.

PortSwigger Research →

PortSwigger Research General Aug 8

Gotta cache 'em all: bending the rules of web cache exploitation

Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads.

T1598

PortSwigger Research →

PortSwigger Research General Aug 7

Splitting the email atom: exploiting parsers to bypass access controls

Some websites parse email addresses to extract the domain and infer which organisation the owner belongs to. This pattern makes email-address parser discrepa...

PortSwigger Research →

PortSwigger Research General Oracle Aug 7

Listen to the whispers: web timing attacks that actually work

Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them.

PortSwigger Research →

PortSwigger Research General Apple Jul 9

Fickle PDFs: exploiting browser rendering discrepancies

Imagine the CEO of a random company receives an email containing a PDF invoice file. In Safari and MacOS Preview, the total price displayed is £399.

PortSwigger Research →

PortSwigger Research General Jul 2

A hacking hat-trick: previewing three PortSwigger Research publications coming to DEF CON & Black Hat USA

We're delighted to announce three major research releases from PortSwigger Research will be published at both Black Hat USA and DEF CON 32.

PortSwigger Research →

Mozilla Security Blog General Jun 5

Firefox will upgrade more Mixed Content in Version 127

Most of the web already supports HTTPS: In fact, 93% of requests made by Firefox are already HTTPS. As a reminder, HTTP over TLS (HTTPS) fixes the security s...

Mozilla Security Blog →

PortSwigger Research General May 29

Refining your HTTP perspective, with bambdas

When you open a HTTP request or response, what do you instinctively look for? Suspicious parameter names?

PortSwigger Research →

PortSwigger Research General May 22

Introducing SignSaboteur: forge signed web tokens with ease

Signed web tokens are widely used for stateless authentication and authorization throughout the web.

PortSwigger Research →

Mozilla Security Blog General Apr 4

Rapidly Leveling up Firefox Security

At Mozilla, we believe in an open web that is safe to use. To that end, we improve and maintain the security of people using Firefox around the world.

Mozilla Security Blog →

PortSwigger Research General Mar 5

Using form hijacking to bypass CSP

In this post we'll show you how to bypass CSP by using an often overlooked technique that can enable password theft in a seemingly secure configuration. What...

PortSwigger Research →

PortSwigger Research General Oracle Jan 23

Hiding payloads in Java source code strings

In this post we'll show you how Java handles unicode escapes in source code strings in a way you might find surprising - and how you can abuse them to concea...

PortSwigger Research →

PortSwigger Research General Dec 12

Finding that one weird endpoint, with Bambdas

Security research involves a lot of failure.

PortSwigger Research →

Mozilla Security Blog General Dec 6

Mozilla VPN Security Audit 2023

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that ...

Mozilla Security Blog →

PortSwigger Research General Dec 5

Blind CSS Exfiltration: exfiltrate unknown web pages

This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works.

T1041

PortSwigger Research →

«Previous page 1 ... 161 162 163 164 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA