Exploiting SSRF in PDF HTML Injection: Basic and Blind
Jan. 23, 2024, 4:40 p.m. | Joward
InfoSec Write-ups - Medium infosecwriteups.com
On a recent application assessment, I encountered an endpoint that would take HTML from user input and generate a PDF from it. I knew that it was possible to perform SSRF by inserting an iframe, but I wanted to know how this would be abused in more complex scenarios. How about resources on different servers? How does CORS affect exploitation? What if I didn’t have access to the request response? I started exploring these in a bit more …