Security writeups from researchers for researchers

We scan, we hack, we write about it. New interesting vulnerabilities, attack techniques, tools and bug bounty tips.

Log in Subscribe

Home
About

Dawid Moczadło

Next.js 14 from a hacker's perspective

Next.js 14 from a hacker's perspective

Next.js 14 (and 13) introduced many attack vectors without providing the tooling necessary for organizations to detect them. It is easier than ever before to expose server secrets, introduce unauthenticated "endpoints" or any other issue that will make you vulnerable

Dawid Moczadło

30 Oct 2023 · 4 min read

Escalating debug mode in Django to RCE, SSRF, SQLi

Escalating debug mode in Django to RCE, SSRF, SQLi

Security implications of DEBUG=true in Django. Learnings from an ethical hacker's perspective

Dawid Moczadło

24 Oct 2023 · 3 min read

Hacking Swagger-UI - from XSS to account takeovers

Hacking Swagger-UI - from XSS to account takeovers

We have reported more than 60 instances of this bug across a wide range of bug bounty programs including companies like Paypal, Atlassian, Microsoft, GitLab, Yahoo, ...

Dawid Moczadło

16 May 2022 · 10 min read

© 2023 Vidoc Security Lab. All rights reserved.