Soroush Dalili
Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899 & CVE-2023-36560)
Anchor Tag XSS Exploitation in Firefox with Target="_blank"
My MDSec Blog Posts so far in 2020/2021!
More research on .NET deserialization
ASP.NET resource files (.RESX) and deserialization issues
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint Online
SMB hash hijacking & user tracking in MS Outlook
Rare ASP.NET request validation bypass using request encoding
Request encoding to bypass web application firewalls
CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
Analysis of setting cookies for third party websites in different browsers
IIS Short File Name Disclosure is back! Is your server vulnerable?
Upload a web.config File for Fun & Profit
Even uploading a JPG file can lead to Cross-Site Content Hijacking (client-side attack)!
Catch-up on Flash XSS exploitation Part 3 – XSS by embedding a flash file
Yahoo bug bounty program – LFI reported and patched!
Catch-up on Flash XSS exploitation Part 2 – “navigateToURL” and “jar:” protocol!
Microsoft XMLDOM in IE can divulge information of local drive/network in error messages – XXE
IE/Firefox Redirection Issue – FB Oauth2 Bypass – BugCrowd
File in the hole! – HackPra slides
IE9 Self-XSS Blackbox Protection bypass
Microsoft IIS tilde character “~” Vulnerability/Feature – Short File/Folder Name Disclosure
Sometimes no Ninja skill is required to receive money from security bug bounty programs!
Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
IIS5.1 Directory Authentication Bypass by using “:$I30:$Index_Allocation”
Opera Browser – Scroll Information Leakage
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
IE7-8 drive list enumeration!
Microsoft IIS Semi-Colon Vulnerability