Recently I discovered multiple high severity vulnerabilities in Selectica Contract Lifecycle Management (SCLM) version 5.4. Cross-site Scripting (XSS) There was no shortage of XSS in this app. Here’s an example from a light scan with Burp Suite: This is pretty easy to leverage for account takeover, even more so because the HTTPOnly flag was not…
n00py Blog- Bypassing Amazon Kids+ Parental Controls
- Bypassing Okta MFA Credential Provider for Windows
- CactusCon 2023: BloodHound Unleashed
- Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit
- Practical Attacks against NTLMv1
- Password Spraying RapidIdentity Logon Portal
- Manipulating User Passwords Without Mimikatz
- Unauthenticated Dumping of Usernames via Cisco Unified Call Manager (CUCM)
- Adding DCSync Permissions from Linux
- Resetting an Expired Password Remotely