Sono zi0black, Security Researcher e Penetration Tester presso Shielder.
Mi piace trasformare i dispositivi IoT in costosi fermacarte.
Re-discovering a JWT Authentication Bypass in ServiceStack
ServiceStack in version 5.9.2 almost silently patched a vulnerability which allowed to bypass JWT signature.
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.