pspaul (@pspaul95)'s Twitter Profile
pspaul

@pspaul95

source code connoisseur @Sonar_Research | CTF @FluxFingers | @[email protected]

ID: 842481287780884482

Link: https://blog.pspaul.de | Joined: 16-03-2017 21:02:46

235 Tweets

1.1K Followers

838 Following

pspaul (@pspaul95):

Wow, thanks for 2nd place! Didn't expect this, maybe it's my sign to finally write it down in text form and tackle all the follow-up ideas 👀

Sonar Research (@sonar_research):

Two weeks ago, our research on SQL Injection via Protocol Smuggling landed 2nd place in PortSwigger Research's Top 10 Web Hacking Techniques of 2024! 🥈 If you haven't seen it yet or want to chat with our researcher Paul, don't miss his presentation at RuhrSec this Friday:

pspaul (@pspaul95):

Ever wondered what the Alt-Svc header is used for? Well, it can make you a MitM if you control it! I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack! blog.pspaul.de/posts/gymtok-b…

Sonar Research (@sonar_research):

Beware the Cookie Monster! 🍪 We found a vulnerability in the Cyberhaven browser extension that allowed attackers to steal any cookie from their victim. Learn about the details in our latest blog post: sonarsource.com/blog/beware-th… #appsec #security #vulnerability

slonser (@slonser_):

This reminded me that this situation can be exploited without user interaction, if you can insert svg/xml via blob. XSLT has a function that allows you to get the current location.

pspaul (@pspaul95):

Great writeup! Really cool to see my research end up in a CTF challenge, and the solution explains details that I had to skip in my talk plus some new tricks 🔥

Sonar Research (@sonar_research):

🦘🛜 Compromising a bastion host to gain full control over the internal infrastructure. Read more about the vulnerabilities we uncovered in JumpServer in our recent blog post: sonarsource.com/blog/diving-in… #appsec #security #vulnerability

Sonar Research (@sonar_research):

📊⚠️ Data in danger! We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post: sonarsource.com/blog/data-in-d… #appsec #security #vulnerability

pspaul (@pspaul95):

This was a fun one to discover! SQL syntax can be ambiguous, and MySQL anticipated this a long time ago. Other SQL dialects stuck to the spec, leading to SQL injection when the right stars align:

Sonar Research (@sonar_research):

Coming to #TROOPERS25 this week? We'll be there too, presenting our research!

🎨 Scriptless Attacks: Why CSS is My Favorite Programming Language

pspaul will convince you why CSS should not be overlooked in client-side web attacks and what is possible without JavaScript today.

Sonar Research (@sonar_research):

Catch our second talk at #TROOPERS25:

🕸️ Caught in the FortiNet: Compromising Organizations Using Endpoint Protection

Yaniv Nizry will tell you the story of multiple vulnerabilities in Fortinet products that can compromise an entire organization, starting with a single click.

pspaul (@pspaul95):

Great bug chain by Yaniv Nizry that can pwn a whole org, starting with a single user click! I was also able to contribute a bit by creating my first port of a Chrome n-day exploit :)

Sonar Research (@sonar_research):

📁🫷🚧Can't control the extension of a file upload, but you want an XSS? Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection: sonarsource.com/blog/caught-in… #appsec #vulnerability #bugbountytips

Jorian (@j0r1an):

Here's my writeup of the technique allowing some nonce-based CSPs to be bypassed. I think it definitely has some practical use, so I included some details about different scenarios. Don't let that HTML injection of yours wait! jorianwoltjer.com/blog/p/researc…

Sonar Research (@sonar_research):

🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” series comes to an end with one more thing. Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS sonarsource.com/blog/caught-in… #appsec #security

Sonar Research (@sonar_research):

Using SonarQube to solve a CTF challenge? Done! ✅ Learn how we detected a 0-day vulnerability during #KalmarCTF, making us first to solve the challenge! From Zip Slip to RCE, using lazy class loading: sonarsource.com/blog/code-secu… #appsec #CTF #vulnerability