Articles tagged with "web" (2)
2022-02-22
Unauthenticated LFI in Appwrite 0.5.0 <= 0.12.1
While exploring cyberspace I stumbled upon a project called Appwrite. It looked interesting, so I started browsing the code. Eventually, I discovered an undisclosed vulnerability in one of the endpoints allowing an attacker to read local files on the system. The …
2021-11-01
Overwriting HttpOnly cookies with Javascript
So I got in contact with Sam Anttila on Twitter regarding his article about overwriting HttpOnly-enabled cookies using JavaScript, which should not be possible. I asked him if he had verified whether Firefox exhibits the same behavior. He answered yes and the …