👩‍💻IW Weekly #120: Mass Request Smuggling, 1000$ Open Redirect, CSS Injection, Jupyter Auth Token Leak, CrowdStrike Issue and many more...


Welcome to the #IWWeekly120 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Look through the intriguing tale of how a missing charset attribute can expose an application to XSS attacks, by @sonarsource
  2. Read to understand how @trufflesec discovered hundreds of publicly exposed Jenkins servers due to leaked secrets.
  3. Get insights into the collaborative finding of @sw33tLie, @bsysop and @_medusa_1_, where they unveiled a mass request smuggling vulnerability affecting a large number of Google Cloud-hosted websites.
  4. Analyze the efforts put in by @davwwwx, which led to a Jupyter auth token leak using CVE-2023-39968, CVE-2024-22421 and a Chromium bug.
  5. @Assass1nmarcos and @ThisIsDK999 found an interesting Open Redirect vulnerability which got them a bounty of $1000. What a find!

🧵 4 Threads

  1. Learn how @hillai was able to get admin permissions, access to customer secrets and private AI files of SAP by simply changing the UID parameter to 1337.
  2. @ctbbpodcast has shared 3 interesting blogs you should check out to get a handle on CSS Injection.
  3. @vidocsecurity posted an interesting thread on how you can find interesting secrets in the parameters.yml file.
  4. Did you know that you can test custom Aura components for security misconfigurations? Check out this thread by @intigriti on common security misconfigurations in Salesforce communities!
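The UID-swapping find in thread 1 is a classic insecure direct object reference (IDOR). The following is an added example written for this newsletter, not code from @hillai's research or from SAP: a vulnerable lookup that trusts the request's uid next to a hardened one that ties authorization to the session, plus a small probe of the kind a tester would run to spot the bug. The `Session` class, the `USERS` table, the handler names and the uid values are all constructed for illustration.

```python
# Added example (not from the linked research): IDOR on a uid-keyed lookup.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Server-side identity established at login (constructed for this example)."""
    user_id: int
    is_admin: bool = False


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested record."""


# Constructed sample data: user records keyed by uid, with a privileged account at 1337.
USERS = {
    42: {"uid": 42, "email": "alice@example.com", "api_key": "key-alice", "role": "user"},
    1337: {"uid": 1337, "email": "admin@example.com", "api_key": "key-admin", "role": "admin"},
}


def get_user_vulnerable(session: Session, uid: int) -> dict:
    """Vulnerable: the only check is that the record exists.

    Authentication happened (we have a session), but authorization never
    looks at who is asking, so any logged-in user can read any uid.
    """
    rec = USERS.get(uid)
    if rec is None:
        raise KeyError(uid)
    return rec


def get_user_hardened(session: Session, uid: int) -> dict:
    """Hardened: the decision is made from the session, never from the parameter.

    A non-admin may only read their own record. The check runs before the
    lookup so a denied request costs nothing and leaks nothing. Many apps
    return the same 'not found' response for both cases to avoid confirming
    which uids exist; Forbidden is used here so the test can tell them apart.
    """
    if uid != session.user_id and not session.is_admin:
        raise Forbidden(f"session {session.user_id} may not read uid {uid}")
    rec = USERS.get(uid)
    if rec is None:
        raise KeyError(uid)
    return rec


def probe_idor(handler, session: Session, candidate_uids) -> list:
    """Tester's view: call the endpoint with a low-privilege session and a range
    of uids, and report every uid whose data came back but is not ours.

    Returns the list of uids that were disclosed to the wrong user.
    """
    disclosed = []
    for uid in candidate_uids:
        try:
            rec = handler(session, uid)
        except (Forbidden, KeyError):
            continue  # denied or non-existent: not a finding
        if rec["uid"] != session.user_id:
            disclosed.append(uid)
    return disclosed


if __name__ == "__main__":
    alice = Session(user_id=42)
    print("vulnerable leaks:", probe_idor(get_user_vulnerable, alice, range(40, 1400)))
    print("hardened leaks:  ", probe_idor(get_user_hardened, alice, range(40, 1400)))
```

The probe is deliberately dumb (sequential uids, one session): that is exactly what makes IDORs cheap to find and why the fix has to live in the authorization check, not in making identifiers harder to guess.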

📽️ 3 Insightful Videos

  1. Learn how to troubleshoot and recover when your exploit doesn't work, with expert guidance from @thecybermentor.
  2. Watch the latest @ctbbpodcast where the hosts and guest have compared the Pwn2Own and H1 live hacking events.
  3. @_JohnHammond breaks down how CrowdStrike made the headlines by causing the blue screen of death in a major IT outage.

💼 2 Job Alerts

  1. @VISTAINFOSEC is urgently hiring an Information Security Analyst in Mumbai.
  2. Coffeee.io is looking for a full-time Senior Vulnerability Management Specialist in India.

🎁 1 Special Item

  1. This week’s special item is a great, detailed resource by @aszx87410 for understanding and diving deep into the world of XSS and beyond.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Hardik Singh, Bhavesh Harmalkar
Newsletter formatting by: Hardik Singh, Bhavesh Harmalkar, Nithin R, Shlok, Ansh Patel, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
