InfoSec Blog

zi0black

I’m zi0black, Security Researcher and Penetration Tester at Shielder. I love to turn IoT devices in expensive paperweights.

ServiceStack JWT signature verification bypass

02/11/2020

Re-discovering a JWT Authentication Bypass in ServiceStack

ServiceStack in version 5.9.2 almost silently patched a vulnerability which allowed to bypass JWT signature.

ServiceStack JWT Exploit BAC

2

Min

XXE to RCE via XML file opening

By thezero & zi0black

24/10/2019

Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

RCE XXE Exploit Writeup

6

Min

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.