👩💻IW Weekly #89: Business Logic Vulnerability, DNS Poisoning, XSS Exploitation to Steal Credentials, Payment Processor Hacking, Second Order SQL Injections, Blind CSS Exfiltration, Symfony Exploits and many more…
Welcome to the #IWWeekly89 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @doshi_vrushabh writes a fantastic tale on how he was able to find a business logic vulnerability in a popular cafe.
- @garethheyes shares an amazing novel research work titled Blind CSS Exfiltration. Truly Genius!
- Feature or Flaw? Delve into CVE-2023-24893 - a surprising vulnerability in VSCode's terminal shell-integration by @solidsnail.
- @timolongin shows you how to poison the DNS name resolution of an entire country.
- Understand how @bxrowski0x was able to find 3 RCE vulnerabilities in page powered by Symfony framework.
🧵4 Trending Tweets
- Lean how to exploiting an XSS in order to steal credentials from a password manager from @hakluke.
- @shreyas_chavhan outlines a great bug bounty methodology for discovering critical vulnerabilities.
- @zellic_io reveal a bug enabling attackers to deplete LP contracts on AStar-EVM.
- Figure out the importance of identifying second-order SQL injections, beautifully explained by mcipekci.
📽️ 3 Insightful Videos
- @NahamSec explores payment processor hacking in Episode 02 of his REDACTED series.
- Gain insights into system operations, hunting styles and methodologies in the latest critical thinking bug bounty podcast.
- Explore import address table hooking with @_JohnHammond to write your own custom malware.
💼 2 Job Alerts
- Doyensec is hiring for a Security Engineer with an exceptional web security skillset.
- CoinDCX is looking for Application Security Engineer with 3-8 years of relevant work experience.
🎁 1 Special Item
- Discover an alert() on the origin in this real-world XSS challenge by Frans Rosen.
The much-awaited cybersecurity conference IWCON is now back with edition 3.0 on 16 and 17 December 2023. With 16 amazing speakers, this year is going to be a blast of learning and networking. TICKETS NOW OPEN FOR SALE! Go grab yours today.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Vinay Kumar, Tuhin Bose, Mohit Khemchandani, Manan, Shlok, Rachit Arora, Eeshan V, Anu Pallavi
Newsletter formatting by: Ayush Singh, Hardik Singh, Nithin R, Rachit Arora, Eeshan V
Lots of love
Editorial team,
Infosec Writeups