A post disclosing some details of an Insecure Direct Object Reference (IDOR) vulnerability discovered in the latest version of osTicket, back in 2015. I decided to dig into the internals of this product for the challenge and the fun, nothing else. The vulnerability was fixed by osTicket in one day.
Web
- This vulnerability was found in the JNews plugin and showed how we bypassed the file extension validation and how we discovered two diferent unrestricted file upload forms.
- Following the journey of targeting low-hanging fruits in Joomla plugins, this issue was discovered to pose Hikashop’s users to a low risk by allowing arbitrary JavaScript code being injected from the control panel.
- This post was the result of a code-review made to the Joomla Content Editor plugin. It was possible to bypass the file upload validation in order to submit a webshell.
- This post was copied from the r0t1v’s blog and explains how we find out an open redirect vulnerability, both on Yahoo and LinkedIn. Their teams decided to treat them as a feature.