/series/vulns/ Recent content in vulns on Security, Tech, And Ramblings Hugo -- gohugo.io en-us Copyright © {year} Sean Marpo. All Rights Reserved. Wed, 15 Jun 2022 11:20:46 -0700 /posts/2022/2022-06-15-springfox-xss-via-outdated-swagger-ui/ Wed, 15 Jun 2022 11:20:46 -0700 /posts/2022/2022-06-15-springfox-xss-via-outdated-swagger-ui/ I got my weekly TL;DR Sec newsletter on Thursday morning. I regularly browse the headlines for fun things to check out whenever I might have some actual downtime. I noticed a post about XSS in Swagger UI at: Hacking Swagger-UI - from XSS to account takeovers I did the usual perusal, noted down the concerns, and popped right on over to Sourcegraph to determine the future of my Thursday. /posts/path-traversal-and-ssrf/ Sat, 12 Feb 2022 12:09:08 -0800 /posts/path-traversal-and-ssrf/ I was recently working on a security review, and I came across an anti-pattern I’ve seen time and time again. Sure, it might be obvious, but this was a relatively tenured developer who suggested this particular solution. It’s seemingly pervasive enough that it warrants digging into. So, with that in mind, let’s chat about path traversal and SSRF. The Context I was performing an app/code review of a new “thing” to keep this vague enough.