Thursday, February 6, 2025

Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369)

Last year, GitHub had issued some CVEs for issues that affected their SAML authentication implementation, for example, you can read about CVE-2024-4985/CVE-2024-948 on ProjectDiscovery blog. I...

Thursday, August 17, 2023

a tale of a weird WebSocket based HTTP request smuggling bug

I recently played Securinets CTF, which have hosted a Web challenge Mark4Archive by @nzeros, which required to bypass this Varnish rule:if (req.url ~ "^/api/pdf") {     # Respond...

Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369)

Last year, GitHub had issued some CVEs for issues that affected their SAML authentication implementation, for example, you can read about CV...