Mailroom HTB | Gitea | XSS | NoSqli | RCE | Exploit Development | Strace
Aug. 28, 2023, 7:23 a.m. | Aidin Naserifard
InfoSec Write-ups - Medium infosecwriteups.com
Mailroom is a challenging Linux machine that hosts a custom web app and a Gitea code repository. The web app is vulnerable to Cross-Site Scripting (XSS), which, when chained with Server-Side Request Forgery (SSRF) and NoSQL injection, allows credential extraction. An initial shell leads to a user’s mailbox containing a 2FA link, which grants access to another protected subdomain. That subdomain’s app, running inside a Docker container, is prone to command injection. This foothold yields credentials from its Git repository, …