Recently I discovered multiple high severity vulnerabilities in Selectica Contract Lifecycle Management (SCLM) version 5.4. Cross-site Scripting (XSS) There was no shortage of XSS in this app. Here’s an example from a light scan with Burp Suite: This is pretty easy to leverage for account takeover, even more so because the HTTPOnly flag was not…
n00py Blog- Extracting files from Burp Intruder Output
- Exploiting LDAP Server NULL Bind
- Managing Active Directory groups from Linux
- Zero day vulnerabilities in Determine Selectica Contract Lifecycle Management (SCLM) v5.4
- Password Spraying Dell SonicWALL Virtual Office
- Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel
- Understanding UNC paths, SMB, and WebDAV
- Exploiting Genuitec Secure Delivery Center (SDC) < Version 5.4.7 (Local File Inclusion)
- Popping shells on Splunk
- Dark Tip: Avoiding SSL Inspection on Palo Alto Firewalls