
Tag: WebSecurity



Let the framework guard your JWT internals - but who is guarding the framework?

Marek Kaliszczyk

During a recent security assessment, we found a critical authentication bypass, which at first glance looked like a classic JSON Web Token (JWT) issue: no cryptographic signature verification and, as a result, the possibility of forging valid tokens. A blackbox assessment would probably have called it a day and reported the issue as a lack of cryptographic signature verification, which would be a legitimate issue. However, since the assessment consisted of whitebox code review, it was possible to dive deeper into the application's logic.


Symfony Profiler in Production – An Entry Point for Sensitive Data Leaks and Remote Code Execution

Jakub Żoczek

During a security audit, a web application using an outdated version of the Symfony framework was identified. The analysis revealed the presence of the Symfony Profiler tool, which is commonly used for debugging applications during development. The Profiler provides detailed information about the application's operation, which is useful for developers. However, in a production environment, its availability can lead to the disclosure of sensitive information and, in some cases, remote code execution on the server.


Session Fixation: A „Hidden Threat” to Web Application Security

Marcin Zięba

Session fixation is a security vulnerability that occurs when an attacker forces a legitimate user to utilize a predetermined session identifier (session ID). This allows the attacker to hijack the session and impersonate the victim once they authenticate with the web application. The vulnerability arises when an application fails to properly regenerate a new session ID upon user authentication, thereby continuing to use the preexisting session ID provided by the attacker. Common attack vectors include injecting the session ID through URL parameters, cookies, or hidden form fields.


How a simple vulnerability allowed proxying TCP traffic - real pentest case

Dariusz Tytko

During a penetration test for our client, it was discovered that the turn.example.com server, which is part of the tested application infrastructure, is vulnerable. This flaw allows for proxying TCP traffic through the server, enabling attacks on any host on the internet. Additionally, attackers could gain access to internal systems and their configurations, potentially compromising the entire infrastructure.


Exploiting PDF generation vulnerability: a case study from real pentest

SECURITUM

In a recent penetration test conducted by [Your Security Company], we identified a critical vulnerability within a web application that allowed unauthorized access to sensitive resources. This flaw permits an attacker to access both local server files and data on other servers within the same network. The vulnerability stems from improper handling of user-input data, presenting a severe security risk.


Password reset flaw: when anyone can reset your password

Sebastian Jeż

During rigorous testing, security researchers uncovered a significant weakness in the password reset mechanisms used by numerous online platforms. By exploiting the seemingly harmless phone number field, an attacker can compromise a victim's account. The vulnerability lies in the mishandling of a four-digit code, which, instead of being sent solely to the owner's phone, is also included in the server's response. This oversight turns a seemingly harmless feature into a gateway for hackers to infiltrate users' digital lives.


How a simple lack of SMS code verification can compromise financial security

Securitum

During audits, it's crucial to check all possible attack vectors, even the seemingly obvious functionalities. This diligence led us to discover, during one of our web application audits, that the server does not verify the correctness of the SMS code used by applicants during the credit request process, either at the start or at the final document signing stage. In short: a credit application without any verification.


Crashing servers with digits: floating-point numbers DoS vulnerabilities

Martin Matyja

A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a system or network, in this case – a web application. One sophisticated form of such an attack exploits vulnerabilities in the processing of floating-point numbers. In our scenario, attackers manipulate the system's handling of floating-point arithmetic, leading to inaccurate calculations and potential system failures. This method challenges the reliability of numerical computations and poses a serious threat to the stability and availability of targeted systems.


Unicode's role in XSS vulnerabilities.

Jacek Siwek

Web application security is a crucial concern in today's digital landscape. Cross-Site Scripting (XSS) attacks pose a significant threat to web applications, allowing attackers to inject malicious scripts into trusted websites. Request validation mechanisms are implemented to mitigate such attacks by blocking certain characters or patterns commonly associated with malicious code. However, recent discoveries suggest that there is a possibility of bypassing these validation mechanisms using Unicode characters, which could lead to successful XSS attacks.


Demystifying Prototype Pollution and its link to DOM XSS

Kalina Zielonka

JavaScript, the backbone of many web applications today, brings with it flexibility and potential. At the core of its architecture, every element we interact with is essentially an object, each with its own unique properties and methods.

The Role of Prototypes in JavaScript

Prototypes allow JS to share attributes or properties between different objects. Every object in JS has a prototype object associated with it, which gives that object its own properties. In other words, an object in JS inherits all the properties of its prototype.
