Impact, Exploitation, and Recommended Mitigation Measures — Summary When an application permits user-supplied input to be used in a template that is displayed on the client-side, a vulnerability known as Client Side Template Injection (CSTI) arises. This may result in the execution of arbitrary code inside the boundaries of the compromised application. Description It is similar to Server Side…

Summary: Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. …

Hi! I’m Aswin,security researcher and a penetration tester.Here we are discussing reflected XSS in a private bug bounty program. On the website https://xyz.redacted.com/a6, when you attempt to access secret sections,The URL on the parameter “win” redirects you to a login page with values from the URL mirrored in the DOM. …

Hello everyone, I found a flaw that gave me access to user accounts by using Unicode normalization during my security analysis of the web application. Summary: A system security vulnerability that allows attackers to perform an account takeover attack.The problem comes as a result of the system’s absence of sufficient Unicode…

A Bug Bounty Report on the Risks of Unvalidated URL Redirections in Websites and Applications — When a person is given power over a redirect or forward to another URL by an application, this is known as an open redirect vulnerability. If the programme doesn’t check untrusted user input, a hacker may provide a URL that takes a gullible victim away from a trustworthy domain and…

Discovering and addressing a critical security flaw — I found a Stored DOM XSS vulnerability when testing the web application. The online application has an area where users may enter data to be stored in the database and presented on subsequent pages, where the vulnerability is located. An attacker may use this flaw to run arbitrary code in…

How a Single Email Can Compromise Your Security — A vulnerability known as SMTP Injection enables an attacker to insert SMTP instructions into an SMTP transaction, giving them access to sensitive data or enabling them to send emails without authorization. An attacker might use this flaw to do a number of criminal acts, including stealing confidential information or jeopardising…

A Critical Security Flaw Exposing the Application to LDAP Injection Attacks — Summary: This vulnerability has the potential to cause data leaking, unauthorised access, and other major security problems. To safeguard user data and system integrity, we firmly advise that this problem be given prompt attention and resolution. Vulnerability Details: LDAP (Lightweight Directory Access Protocol) injection is a code injection technique that…

High-severity vulnerability enables unauthorized access and potential data leakage. — Summary: This bug bounty report highlights a critical URN (Uniform Resource Name) Injection vulnerability . Exploiting this vulnerability allows unauthorized access to sensitive resources and potentially results in data leakage. Immediate attention and mitigation measures are necessary to safeguard the system’s integrity and protect user information.

Unauthorized Access and Data Leakage via Union-Based SQL Injection — Summary: This vulnerability allows an attacker to run arbitrary SQL queries on the application’s database, which might result in unapproved access, data leaking, or even total system penetration. The technical information about the vulnerability, its effects, and suggested countermeasures are included in the report that follows.