Last year, GitHub had issued some CVEs for issues that affected their SAML authentication implementation, for example, you can read about CVE-2024-4985/CVE-2024-948 on ProjectDiscovery blog. I...
Thursday, February 6, 2025
Thursday, August 17, 2023
a tale of a weird WebSocket based HTTP request smuggling bug
I recently played Securinets CTF, which have hosted a Web challenge Mark4Archive by @nzeros, which required to bypass this Varnish rule:if (req.url ~ "^/api/pdf") {
# Respond...
Subscribe to:
Posts (Atom)
Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369)
Last year, GitHub had issued some CVEs for issues that affected their SAML authentication implementation, for example, you can read about CV...
-
Last year, GitHub had issued some CVEs for issues that affected their SAML authentication implementation, for example, you can read about CV...
-
I recently played Securinets CTF , which have hosted a Web challenge Mark4Archive by @nzeros , which required to bypass this Varnish rule :... -
CVE-2018-1038 aka TotalMeltdown is quite an old bug (2018) but still an awesome bug so i decided to write a decent exploit for it. The vulne...
