Deteact – continuous information security services
Application Security, Penetration Testing, Security Consulting, Vulnerability Management, DDoS Testing, Threat Hunting, Awareness Training, Bug Bounty, Blockchain Security, Security Research
Insecure Direct Object Reference (IDOR) is a very common type of weakness in the application authorization logic. The potential damage from IDOR exploitation can be either minimal or critical. Let’s consider some cases when the
In Russian: https://blog.deteact.com/ru/bitrix-waf-bypass/ UPD: CVE-2020-13758 assigned Sometimes when exploiting reflected XSS the input parameters get injected directly into the body of the <script> tag. Typically, this means that the exploit is trivial: HTML entity encoding
In Russian: https://blog.deteact.com/ru/common-flaws-of-sms-auth/ Many online services use SMS to authenticate users. But subtle implementation mistakes may lead to major problems. This is what we will talk about in this article. Intro This authentication protocol is