Server Side Request Forgery – Computer Security Articles

What We Can Learn from the Capital One Hack

August 2, 2019 admin A Little Sunshine, Apache, Capital One breach, CloudFlare, data breaches, DisruptOPS, Evan Johnson, metadata service, ModSecurity, Rich Mogull, Server Side Request Forgery, SSRF, The Coming Storm, WAF, Web Application Firewall, William Bengston

Credit to Author: BrianKrebs| Date: Fri, 02 Aug 2019 21:30:34 +0000

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps the result of a previously unknown “zero-day” flaw, or an “insider” attack in which the accused took advantage of access surreptitiously obtained from her former employer. But new information indicates the methods she deployed have been well understood for years.

Independent Securiteam

SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

September 3, 2017 admin File Disclosure, Remote Command Execution, SecuriTeam Secure Disclosure, Server Side Request Forgery, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 03 Sep 2017 06:38:44 +0000

Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in Mako Server’s tutorial page. The vulnerabilities found are: Unauthenticated Arbitrary File Write vulnerability that leads to Remote Command Execution Unauthenticated File Disclosure Unauthenticated Server Side Request Forgery As these tutorial may be used as the basis for production code, it is important for users … Continue reading SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities