In this video we cover how to read JSON and XML, specifically to find information disclosure vulnerabilities. We cover how to approach a target when a URL returns JSON or XML, how to know whether you've found an info disclosure, and how to exploit it! I want to really demystify JSON and XML so you feel more at ease with how they work and how to read them. We also cover other vulnerabilities that might exist when a URL returns JSON or XML.
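As an added example (not code from the video or its author), here is a small Python triage helper for the core skill described above: taking a JSON or XML response body, walking every leaf, and flagging fields whose names suggest data the caller should not have been given (tokens, emails, secrets). The key-name hints, the sample responses and all function names are constructed for this example; real triage still requires comparing what the endpoint returns against what the requesting user is authorized to see.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed list of key-name fragments that often mark over-exposed fields.
SENSITIVE_KEY_HINTS = ("token", "secret", "password", "api_key", "private", "email")

# Constructed sample responses, shaped like a project record that leaks a runner token.
SAMPLE_JSON = json.dumps({
    "id": 42,
    "name": "demo-project",
    "owner": {"username": "alice", "email": "alice@example.com"},
    "runners": [{"id": 7, "description": "ci-1", "token": "EXAMPLE-RUNNER-TOKEN"}],
})
SAMPLE_XML = (
    '<project id="42"><name>demo-project</name>'
    "<runner><description>ci-1</description><token>EXAMPLE-RUNNER-TOKEN</token></runner>"
    "</project>"
)


def walk_json(node, path="$"):
    """Yield (json-path, value) for every scalar leaf in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_json(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_json(value, f"{path}[{index}]")
    else:
        yield path, node


def walk_xml(elem, path=""):
    """Yield (xpath-like path, value) for every attribute and text-only element."""
    path = f"{path}/{elem.tag}"
    for name, value in elem.attrib.items():
        yield f"{path}@{name}", value
    text = (elem.text or "").strip()
    if text and len(elem) == 0:          # leaf element with text content
        yield path, text
    for child in elem:
        yield from walk_xml(child, path)


def find_sensitive(leaves):
    """Return the (path, value) pairs whose final key segment matches a hint."""
    hits = []
    for path, value in leaves:
        last_segment = re.split(r"[./@]", path)[-1].lower()
        if any(hint in last_segment for hint in SENSITIVE_KEY_HINTS):
            hits.append((path, value))
    return hits


def triage(body):
    """Detect whether the body is JSON or XML, parse it, and report suspicious leaves."""
    stripped = body.lstrip()
    if stripped.startswith(("{", "[")):
        return find_sensitive(walk_json(json.loads(stripped)))
    if stripped.startswith("<"):
        return find_sensitive(walk_xml(ET.fromstring(stripped)))
    raise ValueError("body is neither JSON nor XML")


if __name__ == "__main__":
    for label, body in (("JSON", SAMPLE_JSON), ("XML", SAMPLE_XML)):
        print(f"--- {label} ---")
        for path, value in triage(body):
            print(f"{path}: {value!r}")
```

A hit from this script is only a lead: the next step is to confirm, with a low-privilege account, whether that field is really returned to a caller who should not see it, which is the ownership check the video's examples turn on.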
Did you know this episode was sponsored by Intigriti? Sign up with my link [ Link ]. I'm so pleased with everyone's positive response to the Intigriti sponsorship, and I'm so pleased you folks are finding bugs, and even finding your first bugs! Thank you for being awesome!
Further reading:
- JSON Formatter: [ Link ]
- JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions: [ Link ]
- An invite-only program's submission state is accessible to users no longer part of the program: [ Link ]
- latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users: [ Link ]
- Team member with Program permission only can escalate to Admin permission: [ Link ]