Hacker News new | past | comments | ask | show | jobs | submit | albinowax_'s submissions login

1. Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information (embracethered.com) 4 points by albinowax_ 3 months ago | past 2. Chaining Three Bugs to Access All Your ServiceNow Data (assetnote.io) 2 points by albinowax_ 5 months ago | past 3. ORM Leak Vulnerabilities (elttam.com) 1 point by albinowax_ 5 months ago | past 4. Hacking millions of modems and investigating who hacked my modem (samcurry.net) 838 points by albinowax_ 6 months ago | past | 273 comments 5. Getting XXE in Web Browsers Using ChatGPT (ptsecurity.com) 1 point by albinowax_ 6 months ago | past 6. Response Filter Denial of Service: shut down a website by triggering WAF rule (sicuranext.com) 95 points by albinowax_ 6 months ago | past | 26 comments 7. Source Code Disclosure in Asp.net via Cookieless Sessions (ptsecurity.com) 1 point by albinowax_ 9 months ago | past 8. ChatGPT Account Takeover via Wildcard Web Cache Deception (nokline.github.io) 4 points by albinowax_ 10 months ago | past 9. Detection and Exploitation of Ivanti's Pulse Connect Secure RCE (assetnote.io) 1 point by albinowax_ 10 months ago | past 10. The curl quirk that exposed Burp Suite and Google Chrome (portswigger.net) 1 point by albinowax_ on March 28, 2023 | past | 1 comment 11. Remote code execution in Homebrew by compromising the official Cask repository (ryotak.me) 4 points by albinowax_ on April 21, 2021 | past 12. Brave browser’s Tor feature found to leak .onion queries to ISPs (portswigger.net) 2 points by albinowax_ on Feb 19, 2021 | past 13. Cracking reCAPTCHA, Turbo Intruder Style (portswigger.net) 1 point by albinowax_ on Nov 21, 2019 | past 14. The age of browser XSS filters is over (portswigger.net) 3 points by albinowax_ on July 16, 2019 | past 15. Significant new web hacking techniques from 2018 (portswigger.net) 1 point by albinowax_ on Feb 28, 2019 | past 16. Abusing Meta Programming for Unauthenticated RCE in Jenkins (blog.orange.tw) 1 point by albinowax_ on Feb 19, 2019 | past 17. Turbo Intruder: Embracing the Billion-Request Attack (portswigger.net) 2 points by albinowax_ on Jan 28, 2019 | past 18. An overview of the top web hacking techniques of 2017 (portswigger.net) 144 points by albinowax_ on Oct 11, 2018 | past | 11 comments 19. Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirects great (bentkowski.info) 2 points by albinowax_ on July 24, 2018 | past 20. Exploiting Open-XChange with Blind XXE via Powerpoint Files (hackerone.com) 1 point by albinowax_ on July 23, 2018 | past 21. Detecting Same-Origin Redirections with a Bug in Firefox's CSP Implementation (shift-js.info) 1 point by albinowax_ on July 23, 2018 | past 22. Cloudflare, Fastly, Mozilla and Apple Working on SNI Encryption for TLS 1.3 (ietf.org) 3 points by albinowax_ on July 20, 2018 | past 23. Evading CSP with DOM-based dangling markup (portswigger.net) 1 point by albinowax_ on July 20, 2018 | past 24. XSS protection disappears from Microsoft Edge (portswigger.net) 1 point by albinowax_ on July 19, 2018 | past 25. Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution (bishopfox.com) 2 points by albinowax_ on June 14, 2018 | past 26. What website are you really on? Edge zero-day leaves users with no clue (portswigger.net) 2 points by albinowax_ on May 3, 2018 | past 27. CSS-in-JS security issues (reactarmory.com) 2 points by albinowax_ on Sept 5, 2017 | past 28. JSON hijacking for the modern web (portswigger.net) 3 points by albinowax_ on Nov 29, 2016 | past 29. Exploiting CORS Misconfigurations for Bitcoins and Bounties (portswigger.net) 1 point by albinowax_ on Oct 18, 2016 | past 30. Angular 1.6 – Expression Sandbox Removal (angularjs.blogspot.com) 3 points by albinowax_ on Sept 8, 2016 | past More

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: