-
The budgeting for exfiltration is now based on site instead of origin. It seems that this spec is out of date.
-
Not my idea, but a continuation of [this discussion](https://github.com/zedeus/nitter/issues/919#issuecomment-1629393064) to keep the main issue thread clear.
@zedeus Feel free to close this issue …
-
-
In the saml2/login endpoint when using 3rd party SSO, the idp parameter is vulnerable to cross-site scripting injection due to insufficient input sanitization.
Proof of Concept:
Visit the URL end…
-
After updating the requirements.txt document for the initial install / setup of shennina, I attempted to start the exfiltration-server, following the below steps:
cd ./exfiltration-server
./run-serv…
-
-
PDF Blind XSS payloads
https://portswigger.net/research/portable-data-exfiltration
-
An attacker who manages to gain control of the `sd-app` VM (or exclusively of the client application within it) could attempt to create a new source via the news organization's source interface, and t…
-
> Azure Machine Learning has several inbound and outbound dependencies. Some of these dependencies can expose a data exfiltration risk by malicious agents within your organization. This document expla…
-
Allow users to utilize DNS as a data exfiltration tool using various record formats and tun/tap to create virtual tunnel interfaces on the server.