This is not the first time we write about subdomain takeover and probably it won’t be the last. Every time we find a subdomain takeover we ask ourselves “How big is this (assets management) problem?”. This time we decided to answer our own question but we got caught in the rabbit hole where we met...
Have you ever wondered what it feels like to own a Ferrari? We did. Not the car itself, but access to their database credentials.
Following Ferrari Responsible Disclosure Program1 Char49 discovered a vulnerability on the media.ferrari.com subdomain. The vulnerability affected a popular Wordpres...
TOPdesk Single Sign-on integration based on SAML (Security Assertion Markup Language) was vulnerable to XML Signature Wrapping (XSW) attacks, allowing bad actors with credentials to authenticate with the Identity Provider (IdP) to impersonate any TOPdesk user, tampering with the SAML Response.
The...
Char49 recently discovered a security misconfiguration on a subdomain of an American multinational corporation (Top50 on the Fortune500) website: an exposed Symfony web framework debug endpoint leaking sensitive information.
In a nutshell, exposing Symfony Profile or any other web framework debug...
One of the most interesting vulnerabilities that could potentially allow Remote Code Execution (RCE). Check out this article from our researcher Miguel Regala on Cobalt Blog.
Our lab found a interesting XSS on a .swf file that we later discover was mainly used on phishing websites.
Source code of typewrite_header.swf:
//----------------------------------------------------------------------
//Frame 3
//------------------------------------------------------------------...