ZephrSec - Adventures In Information Security

injection

A collection of 4 posts
Leveraging Expression Language Injection (EL/OGNL Injection) for RCE
bugbounty Featured

Expression Language injection, or EL Injection for short, is an attack vector I'd never heard of until recently. This post talks about leveraging EL for RCE.
Apr 6, 2019 3 min read
Blind XXE - Hunting in the Dark
learning

Before getting into the post, this isn't anything brand new or leet in the area of XML External Entity (Blind XXE) attacks; it is purely something I came across and wanted to share. The tl;dr to start off is essentially: * Found an XXE bug that was blind meaning that
Jul 7, 2017 11 min read
CSV Injection -> Meterpreter on Pornhub
bugbounty

This post will discuss an issue I found regarding CSV injection on Pornhub.com, allowing a remote attacker to inject malicious code into video titles resulting in potential full compromise of content creators and other users. Note: Pornhub have advised that they will no longer be rewarding for this type
Jul 29, 2016 2 min read
CSV Injection Revisited - Making Things More Dangerous(and fun)
bugbounty

In this post, I will discuss several methods and remediation steps that can be used to help escape and mitigate CSV [https://support.office.com/en-gb/article/Import-or-export-text-txt-or-csv-files-5250ac4c-663c-47ce-937b-339e391393ba] (Comma separated values) injection type attacks. For those of you who may not know what CSV injection is or how it occurs,
Jul 22, 2016 4 min read
ZephrSec - Adventures In Information Security © 2023