{"uuid": "a63f7ccd-9576-4738-9eda-aa7356fbb6e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38646", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3043", "content": "#infodigest\n\nWe have collected the most interesting news from various categories for you.\n\n\ud83e\udeb2 Bugs & Exploits\n1. WordPress \u00abWooCommerce Payments\u00bb plugin CVE-2023-28121\n2. Why ORMs and Prepared Statements Can't (Always) Win\n3. Exploiting XSS in hidden inputs and meta tags\n4. Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)\n5. Exploiting Incorrectly Configured Load Balancer with XSS to Steal Cookies\n6. Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)\n7. Reversing Citrix Gateway for XSS\n8. Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 1)\n9. Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2)\n10. HTML Over the Wire\n\n\ud83d\udee0 Tools\n11. CVSS Advisor (Escalation Techniques)\n12. shortscan\n\n\ud83d\udcd1 Burp extensions & tricks\n13. Improve your API Security Testing with Burp BCheck Scripts\n14. The top 10 community-created BChecks\n\n\ud83d\udcb0 Bug Bounty reports\n15. Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API\n16. Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability", "creation_timestamp": "2023-08-02T15:22:57.000000Z"}