@djurado9 : @MrTuxracer @Xbow Some examples from recent findings, but there are many more: •Code execution via WebSocket endpoints •SpEL injection & sandbox escapes •SSTI-based payload execution •SOAP abuse to RCE •Auth bypass → code execution •JS-based injection •Hidden upload endpoints + extension • TwiCopy

djurado

@djurado9

+ Follow

Security Researcher at @xbow - Former @microsoft Activision Blizzard King - Bug Bounty Hunter hackerone.com/djurado

ID: 66974627

linkhttps://hackerone.com/djurado calendar_today19-08-2009 11:24:15

4,4K Tweet

5,5K Takipçi

660 Takip Edilen

djurado

@djurado9

8 days ago

Julien | MrTuxracer 🇪🇺 XBOW Some examples from recent findings, but there are many more: •Code execution via WebSocket endpoints •SpEL injection & sandbox escapes •SSTI-based payload execution •SOAP abuse to RCE •Auth bypass → code execution •JS-based injection •Hidden upload endpoints + extension

thumb_up_off_alt24

chat_bubble_outline4

repeat2

shareShare