pspaul
@pspaul95.bsky.social
reposted by
pspaul
SonarResearch
about 1 month ago
Using SonarQube to solve a CTF challenge? Done! ✅ Learn how we detected a 0-day vulnerability during #KalmarCTF, making us first to solve the challenge! From Zip Slip to RCE, using lazy class loading:
www.sonarsource.com/blog/code-se...
#appsec
#CTF
#vulnerability
https://www.sonarsource.com/blog/code-security-for-conversational-ai-uncovering-a-zip-slip-in-eddi?utm_medium=social&utm_source=bluesky&utm_campaign=research&utm_content=blog-eddi-zip-slip-250916-&utm_term=---all&s_category=Organic&s_source=Social%20Media&s_origin=social
reposted by
pspaul
SonarResearch
4 months ago
🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” blog series comes to an end with one more thing. Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
www.sonarsource.com/blog/caught-...
#appsec
#security
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privil...
https://www.sonarsource.com/blog/caught-in-the-fortinet-how-attackers-can-exploit-forticlient-to-compromise-organizations-3-3?utm_medium=social&utm_source=bluesky&utm_campaign=research&utm_content=blog-caught-in-the-fortinet-080725-&utm_term=&s_category=Organic&s_source=Social%20Media&s_origin=social
reposted by
pspaul
SonarResearch
4 months ago
📁🫷🚧Can't control the extension of a file upload, but you want an XSS? Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection:
www.sonarsource.com/blog/caught-...
#appsec
#vulnerability
#bugbountytips
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article...
https://www.sonarsource.com/blog/caught-in-the-fortinet-how-attackers-can-exploit-forticlient-to-compromise-organizations-2-3?utm_medium=social&utm_source=bluesky&utm_campaign=research&utm_content=blog-caught-in-the-fortinet-260625-&utm_term=&s_category=Organic&s_source=Social%20Media&s_origin=social
Great bug chain by my team mate Yaniv that can pwn a whole org, starting with a single user click! I was also able to contribute a bit by creating my first port of a Chrome n-day exploit :)
4 months ago
reposted by
pspaul
SonarResearch
4 months ago
Catch our second talk at #TROOPERS25:
🕸️ Caught in the FortiNet: Compromising Organizations Using Endpoint Protection
Yaniv Nizry will tell you the story of multiple vulnerabilities in Fortinet products that can compromise an entire organization, starting with a single click
reposted by
pspaul
SonarResearch
4 months ago
Coming to #TROOPERS25 this week? We'll be there too, presenting our research!
🎨 Scriptless Attacks: Why CSS is My Favorite Programming Language
@pspaul95.bsky.social will convince you why CSS should not be overlooked in client-side web attacks and what is possible without JavaScript today
This was a fun one to discover! SQL syntax can be ambiguous, and MySQL anticipated this a long time ago. Other SQL dialects stuck to the spec, leading to SQL injection when the right stars align:
5 months ago
reposted by
pspaul
SonarResearch
6 months ago
📊⚠️ Data in danger! We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
www.sonarsource.com/blog/data-in...
#appsec
#security
#vulnerability
Data in Danger: Detecting Cross-Site Scripting in Grafana
Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.
https://www.sonarsource.com/blog/data-in-danger-detecting-xss-in-grafana-cve-2025-2703/?utm_medium=social&utm_source=bluesky&utm_campaign=research&utm_content=blog-grafana-xss-2404-&utm_term=---all&s_category=Organic&s_source=Social%20Media&s_origin=social
reposted by
pspaul
Rebane
7 months ago
"wow, this css property would be amazing for my css crime, i wonder what the browser support is looking like"
Ever wondered what the Alt-Svc header is used for? Well, it can make you a MitM if you control it! I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack!
blog.pspaul.de/posts/gymtok...
GymTok: Breaking TLS Using the Alt-Svc Header
Ever wondered what the Alt-Svc response header is used for? Turns out it can be used to become a Man-in-the-Middle and attack TLS!
https://blog.pspaul.de/posts/gymtok-breaking-tls-with-alt-svc/
8 months ago
Wow, thanks for 2nd place! Didn't expect this, maybe it's my sign to finally write it down in text form and tackle all the follow-up ideas 👀
9 months ago