[Contribution] Mozilla – HTTP Response Spliting, Reflected & Stored XSS

Posted by: Yann C.  /   Category: / Contributions / Cryptology / HRS / Opensource / Vulnerabilities, exploits and PoC   /   1 Comment
03
Apr
2017

A subdomain of Mozilla.org has several XSS vulnerabilities and an HTTP Response Splitting vulnerability.

This article illustrates the exploitation of an HRS (HTTP Response Splitting) in order to elevate it in a reflected XSS through a concrete example: Mozilla. When searching for vulnerable (sub)-domains as part of a Bug Bounty program, the subdomain dictionary attack.

Read more

[Contribution – PoC] RedHat – Credential Stealer RXSS

Posted by: Yann C.  /   Category: Contributions / Vulnerabilities, exploits and PoC / XSS   /   2 Comments
01
May
2016

The generic error page of the Red Hat customer portal suffers from a Cross-Site Scripting vulnerability to steal users credential in plaintext.

As part of my personal projects, as during my professional activity, it is not uncommon that I sign on RedHat sites to download resources (or find solutions to more or less twisted bugs.

Read more

[Contribution – PoC] Fortinet SSO IdP – Credential Stealer RXSS

Posted by: Yann C.  /   Category: Contributions / Vulnerabilities, exploits and PoC / XSS   /   No Comments
04
Mar
2016

SSO authentication page of one of Fortigate IdP presents a Cross-Site Scripting vulnerability which can be used to steal user credentials in plaintext.

Companies and current majors turn increasingly to identity federation. A central and single repository containing users credentials (login / password) like LDAP, AD, etc., a single web application centralized authentication (commonly referred to IdP for.

Read more
1234