Unmasking an RFI to LFI Escalation

Introduction: Greetings, we are going to share a recent security assessment performed for a client, where a seemingly innocent Remote File Inclusion (RFI) unfolded into a more intricate and fascinating Local File Inclusion (LFI) discovery. The RFI Unveiling: During the audit we stumbled upon a unique endpoint that fetched CSV file data, incorporating […]

Sneaky Attacks: Critical Account Deletion Vulnerability

Introduction: In the dynamic landscape of cybersecurity, unearthing vulnerabilities is crucial to fortifying digital platforms. Today, we unravel a significant flaw that allows an attacker to delete anyone’s account by exploiting the nuances of email address registration. The Discovery: In our assessment, we stumbled upon a vulnerability that hinges on the subtleties of email addresses […]

Unveiling Improper Access Control: A Journey into Admin Dashboards

In the ever-evolving landscape of cybersecurity, uncovering vulnerabilities is crucial to maintaining the integrity and security of digital platforms. In this write-up, we explore a recently discovered flaw in the access control system, shedding light on the potential risks and impacts it poses. The Discovery: Our journey begins with the identification of an improper access […]