Tales from the hunt: .env files

.env files are interesting as they can often contain information that should be kept away from the public. In some cases they can contain valid credentials for external-facing services that can be accessed by a hacker, as was the case in this finding. After doing some subdomain enumeration on one…

Tales from the hunt: Adminer in the wild

In an earlier post I walked through a cool SSRF vulnerability related to the ES plugin affecting later versions of Adminer. In much older versions it used to be possible to perform port scans using the standard MySQL plugin - and best of all it required no extra effort, everything…

Tales from the hunt: A "fun" SQL Injection without sqlmap

On the weekend, I came across an interesting SQL injection vulnerability whilst researching on a financing-related website. I expected the website to have vulnerabilities, as I'd earlier found an IDOR that allowed for the read/write of contacts who'd receive emails across accounts, but I…