Posts

Showing posts from June, 2025

CVE-2025-45878, CVE-2025-45879 and CVE-2025-45880 Showcase

This blog post is written to showcase the three CVEs I discovered in the web application Amigdala 2.2.6 by Miliaris. This time, I'll stick with the MITRE template, and I will avoid releasing any sensitive information. CVE-2025-45878 (MITRE) (NVD) [Suggested description] A reflected cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.

PortSwigger Practice Exam #1

In this blog post we will see how to complete the Burp Suite Practice Exam by PortSwigger. We have 2 hours to complete the exam. The exam itself is made up of three steps, in each of which we have to exploit a different vulnerability.

Steps:
DOM Cross-Site Scripting (XSS)
SQL Injection
Insecure Deserialization

Step #0: Starting the exam
At the bottom of this page, we can start either the first or the second exam. Let's start the first one by clicking on the first orange button. Let's click on the Next button to confirm that we want to start the practice exam. Now let's wait a few minutes to let the lab load up. Finally, let's click on the App 1 button to load the exam web page.

Step #1: DOM Cross-Site Scripting (XSS)
Let's enable the DOM Invader extension. Let's use DOM Invader to identify the sink(s). Let's validate that we can exploit this sink with the following payload, "-alert()-", to achieve a DOM XSS. Let's try to read the co...
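The "-alert()-" payload above works when the sink places attacker-controlled text inside a JavaScript string literal and then evaluates it: the leading double quote closes the literal, the subtraction operators keep the expression syntactically valid, and the trailing quote opens a new empty string so the statement still parses. The following Node.js snippet is an added example, not code from the original post or from PortSwigger's lab; the page, the `search` parameter, the `eval()` sink and the stand-in `alert()` are all constructed for illustration. It shows the breakout against a vulnerable sink and the same payload against a hardened one.

```javascript
// Added example: why the "-alert()-" payload fires in a JavaScript-string sink.
// Constructed scenario: a page copies a query parameter into an inline script.

// alert() does not exist in Node.js; this stand-in counts calls so the outcome
// of each run can be checked programmatically (constructed for the demo).
let alertCalls = 0;
globalThis.alert = function () { alertCalls += 1; };

// Vulnerable sink (constructed): the parameter value is concatenated straight
// into JavaScript source and evaluated, the equivalent of
//   <script>var search = "<value of ?search=...>";</script>
// A double quote in the input terminates the string literal early, and
// everything after it is executed as code.
function vulnerableSink(searchParam) {
  const src = 'var search = "' + searchParam + '"; search;';
  return eval(src); // eval() is the DOM sink here
}

// Hardened version: JSON.stringify() emits a proper JavaScript string literal,
// escaping quotes and backslashes, so the input can only ever be data.
function hardenedSink(searchParam) {
  const src = 'var search = ' + JSON.stringify(searchParam) + '; search;';
  return eval(src);
}

// Runs one payload through a sink and reports the evaluated value and
// whether alert() was reached.
function runPayload(sink, payload) {
  alertCalls = 0;
  const value = sink(payload);
  return { value, fired: alertCalls > 0 };
}

// The breakout payload used in the exam write-up.
const PAYLOAD = '"-alert()-"';

// Vulnerable sink: source becomes   var search = ""-alert()-""; search;
// which evaluates "" - alert() - "" (NaN) and calls alert() on the way.
const vulnerable = runPayload(vulnerableSink, PAYLOAD);
// Hardened sink: source becomes     var search = "\"-alert()-\""; search;
// and search is simply the payload text; alert() never runs.
const hardened = runPayload(hardenedSink, PAYLOAD);

console.log('vulnerable sink: alert fired =', vulnerable.fired, 'value =', vulnerable.value);
console.log('hardened sink:   alert fired =', hardened.fired, 'value =', hardened.value);
```

When the string literal sits inside an inline `<script>` element rather than a detached `eval()`, JSON encoding alone is not enough: the HTML parser ends the script at the first `</script>`, so `</` also has to be escaped (for example as `<\/`). The safer fix in a real page is to avoid evaluating untrusted text as code at all and to pass values through data attributes or `textContent`.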