Eerily quiet

Hunting with the Synack Red Team has been eerily quiet. Very few "net new" targets, and anything new is exceedingly well tested by the legends/early access groups who get a 12+ hour head start, so it's either discounted vulns, or no vulns at all. Over…

Tales from the hunt: .env files

.env files are interesting as they can often contain information that should be kept away from the public. In some cases they can contain valid credentials for external-facing services that can be accessed by a hacker, as was the case in this finding. After doing some subdomain enumeration on one…

Tales from the hunt: Adminer in the wild

In an earlier post I walked through a cool SSRF vulnerability related to the ES plugin affecting later versions of Adminer. In much older versions it used to be possible to perform port scans using the standard MySQL plugin - and best of all it required no extra effort, everything…

Tales from the hunt: A "fun" SQL Injection without sqlmap

On the weekend, I came across an interesting SQL injection vulnerability whilst researching a financing-related website. I expected the website to have vulnerabilities, as I'd earlier found an IDOR that allowed for the read/write of contacts who'd receive emails across accounts, but I…

Bug Bounty & Dead Periods

January through March always seems like a very quiet time when hunting with Synack. This is where most of the re-tests occur & the opportunities to find new things are limited, and it becomes a bit scrappy. With that said, this year I've done a bit better than…