-
Hello!
This library has security issues with algorithm confusion.
The attacker can use the RSA public key and encrypt the JWT using the HMAC algorithm to bypass the verification.
poc:
```c
#inclu…
```
-
Hi
It looks like this version of the extension is significantly ahead of the published BApp Store version.
If you'd like to update the extension in the BApp Store, please create a pull request a…
-
https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-race-condition
Vulnerable file upload check mechanisms:
- Recursively check and strip dangerous file types whi…
-
**('NoneType' object is not iterable) Error Message in Batch Attack**
The issue surfaced when performing a Batch Attack in a **Portswigger** lab. Until then, I was not quite sure if t…
-
This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html
Their implementation is open source: https://github.com/Po…
-
Hello,
Attempting to use the Backslash Powered Scanner with Burp Enterprise 2024.5.1. We get the following error when attempting to run a scan with the app enabled:
```
SQL: SELECT config_valu…
```
-
- Site: [https://www.zaproxy.org](https://www.zaproxy.org)
**New Alerts**
- **PII Disclosure** [10062] total: 2:
  - [https://www.zaproxy.org/docs/desktop/addons/websockets/pscanrules/](https:…
-
- Site: [http://www.zaproxy.org](http://www.zaproxy.org)
- Site: [https://www.zaproxy.org](https://www.zaproxy.org)
**New Alerts**
- **PII Disclosure** [10062] total: 2:
  - [https://www.zap…
-
https://portswigger.net/daily-swig/us-food-importer-atalanta-admits-ransomware-attack
-
You might want to look at this:
https://portswigger.net/bappstore/ShowBappDetails.aspx?uuid=6e0b53d8c801471c9dc614a016d8a20d
https://github.com/h3xstream/http-script-generator