The first XSPA/SSRF bug that led to the discovery of this issue in other applications and eventually a paper that was presented at multiple conferences.
The first XSPA/SSRF bug that led to the discovery of this issue in other applications and eventually a paper that was presented at multiple conferences.
A quick video post showing the XSPA/SSRF bug found with Adobe’s Omniture web application. This bug allowed for local file reads apart from being able to make arbitrary network requests.
This is the third post in the 3 part series that explains XSPA, the attacks and possible countermeasures. In this post we will see other interesting attacks and also see how developers can prevent XSPA or limit the attack surface itself.
This is the second post in the 3 part series that explains XSPA, the attacks and possible countermeasures.
Cross Site Port Attack (XSPA) is a vulnerability that allows attackers to fetch status of TCP ports (and grab service banners) over the Internet or internal systems by abusing a feature in web applications that makes HTTP requests using attacker supplied URLs.
Bug writeup for a CSRF vulnerability in Twitter that allowed an attacker to trick a user into deleting the addressbook remotely.
Writeup of the Capture the Flag event at c0c0n 2011.
Multiple XSS and CSRF issues in Apache Archiva version 1.3.4. Disclosure blogpost.
Simple VBScript using XMLHTTP to fetch usernames from a WordPress installation using the ?author= redirect feature.
Multiple XSS reported to Joomla! CMS. CVE-2010-1649 assigned.