Summary: Hello team, It is possible to reveal any user email using the BountiesHistoryQuery request. To demonstrate this, I will make use of both the API and the graphql requests. Steps To Reproduce ...
Continue ReadingMarch 28, 2024
Summary: Hello team, It is possible to reveal any user email using the BountiesHistoryQuery request. To demonstrate this, I will make use of both the API and the graphql requests. Steps To Reproduce ...
Continue ReadingMarch 28, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring su ...
Continue ReadingMarch 28, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring su ...
Continue ReadingMarch 28, 2024
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters ...
Continue ReadingMarch 28, 2024
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters ...
Continue ReadingMarch 28, 2024
Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users, including the following: /api/graphql/ (1) /api/users/users/session/ (Nautobot 2 ...
Continue ReadingMarch 28, 2024
Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users, including the following: /api/graphql/ (1) /api/users/users/session/ (Nautobot 2 ...
Continue ReadingMarch 28, 2024
Back to Main