Exploits Explained: Permission misconfiguration within Salesforce JavaScript Remoting tokens used for Apex Controllers | allinfosecnews.com

April 21, 2023, 2:38 p.m. | SRT Community

Synack www.synack.com

Mahmoud Gamal is a member of the Synack Red Team. During a late-night hacking session, I tested a website built using the Salesforce Visualforce platform. This website allowed users to enter an application, submit it and retrieve the entry later by providing the reference number and password. While submitting an application, I noticed that there […]

The post Exploits Explained: Permission misconfiguration within Salesforce JavaScript Remoting tokens used for Apex Controllers appeared first on Synack.

apex application bugs and breaches controllers entry explained exploits exploits explained featured hackers hacking javascript misconfiguration password permission permission misconfiguration platform red team reference salesforce session synack synack red team team tokens website

More from www.synack.com / Synack

Unmasking the Cyber Threat Within: Federal Government and DOD Grapple with Sleeper Cells 1 week ago | www.synack.com

adversaries cyber cyber threat defenders +19

Synack on the Azure Cloud Marketplace: Elevating Cloud Security 1 week, 1 day ago | www.synack.com

access azure azure cloud cloud +27

Multi-factor Authentication Bypass Examples via Response Tampering 3 weeks ago | www.synack.com

accounts attackers attacks authentication +23

Beyond Blind Trust: The Imperative of Zero Trust for Federal Agencies 3 weeks, 1 day ago | www.synack.com

beyond clock current cybersecurity +17

Organisations Evaluate Security Testing & Vulnerability Management as Compliance Deadline for NIS2 Approaches 1 month, 1 week ago | www.synack.com

business risk case compliance cyber +19

Asset Insights: A Look into Shadow IT and Other Rogue Assets 1 month, 2 weeks ago | www.synack.com

asset asset insights assets connected +22

White House Advisory Groups Stress Need for Proactive Security Testing 1 month, 3 weeks ago | www.synack.com

advisors advisory back council +20

Synack Launches Trust Center for Streamlined Security Information 2 months ago | www.synack.com

business risk center concept driving +11

Synack & Carahsoft: Working Together to Deliver Strategic Security Testing for the Public Sector 2 months ago | www.synack.com

alerts carahsoft critical critical systems +26

Expert Global Security Solutions Specialist

@ CHS Inc. | Inver Grove Heights, MN, US, 55077-1721

View on infosec-jobs.com

Security Operations Senior Associate - Perimeter Response

@ JPMorgan Chase & Co. | Houston, TX, United States

View on infosec-jobs.com

Cybersecurity Engineer IV

@ ManTech | 203O - CustomerSite,Washington,DC

View on infosec-jobs.com

Senior Site Reliability Engineer - Security

@ Klaviyo | Boston, MA

View on infosec-jobs.com

Information Security Specialist (Cloud Security)

@ Vertiv | Philippines

View on infosec-jobs.com

Business Value Consultant

@ Sumo Logic | United States

View on infosec-jobs.com