Security writeups from researchers for researchers

We scan, we hack, we write about it. New interesting vulnerabilities, attack techniques, tools and bug bounty tips.

Log in Subscribe

Home
About

Why you never get Reflected XSS to execute: Balancing Payloads

Why you never get Reflected XSS to execute: Balancing Payloads

Beginners guide to Reflected XSS. Everyone talks about the different XSS cheatsheets, and then you are supposed to try them one by one to see if any of the payloads get executed on your target. We don't like that. It's time-consuming and a mindless task.

Oriana Olivetti

20 Feb 2024 · 4 min read

AWS S3 Bucket Takeover - how to find it and maximize impact?

AWS S3 Bucket Takeover - how to find it and maximize impact?

The impact of an AWS S3 Bucket Takeover can range from none, account takeover, and even up to RCE. In this article, we’ll tell you how to find it and maximize its impact

Greg

10 Jan 2024 · 6 min read

Security of new features in Next.js 14 - Server Actions, Taints

Security of new features in Next.js 14 - Server Actions, Taints

Next.js 14 (and 13) introduced many attack vectors without providing the tooling necessary for organizations to detect them. It is easier than ever before to expose server secrets, introduce unauthenticated "endpoints" or any other issue that will make you vulnerable

Dawid Moczadło

30 Oct 2023 · 5 min read

© 2024 Vidoc Security Lab - blog. All rights reserved.