I’m zi0black, Security Researcher and Penetration Tester at Shielder. I love to turn IoT devices into expensive paperweights.
By zi0black
02/11/2020
Re-discovering a JWT Authentication Bypass in ServiceStack
ServiceStack version 5.9.2 almost silently patched a vulnerability which allowed bypassing the JWT signature.
ServiceStack JWT Exploit BAC
2 Min
By thezero & zi0black
24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library, used by many IDEs and editors, was affected by an XXE which led to RCE, exploitable by just opening an XML file.
RCE XXE Exploit Writeup
6