xEHLE
@xEHLE_
New writeup: Early last month, @samwcyo, @sshell_, and I found a Django ORM injection in an online shooter game that let us steal cryptocurrency from the game's wallet. Read the blog post here: blog.p1.gs/writeup/2025/0…
I found a vulnerability to be able to access any Microsoft building, leaking guest/visitor and Microsoft employee PII. Here is the writeup: blog.faav.top/break-into-any… #BugBounty #bugbountytips
🚨 1- CVE-2025-53770 is a variant of CVE-2025-49704 - a critical auth bypass in SharePoint's ToolPane.aspx endpoint. It lets attackers reach a page that can parse webparts without valid credentials, and with a chained deserialization bug, they can achieve RCE entirely in memory…
For those interested in blocking requests to #SharePoint using the `referer` header, the following were the ones which could initially work for the auth bypass on SharePoint 2019: /_layouts/SignOut.aspx, /_layouts/14/SignOut.aspx, /_layouts/15/SignOut.aspx. So a case-insensitive RegEx…
Hackers that hack to "Make the internet a safer place" are about as honest as politicians who go into politics to "make the country better". It's a way to make a living - myself included.
@xEHLE_ detailed how a Django ORM injection in an online shooter game allowed them to steal crypto from the game wallet.
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds
New blog post about all the fun I had red teaming at @NationalCCDC this year! Covers some of the fun we had this year specifically relating to the web side of things, as well as some tips and resources for competitors & those interested in participating sshell.co/red-teaming-at…
Used this trick to find a bug in a big AI app where I could read everyone’s private conversations! TLDR: You can do greater/less-than queries against UUIDs because in Supabase they’re stored like 128-bit integers. Thanks to @rez0__ and @Rhynorater for the shoutout on the pod!
You NEED to See This UUID Trick
Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on @SLCyberSec blog here: slcyber.io/assetnote-secu…
PHRACK is coming to @defcon! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72
Very well said. Sadly, the "hackers are partners" view is not very common among #BugBounty programs, and not even platforms.
Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->
a lot of programmers experience back and neck pain but it's not from posture it's because they deserve it
We heard you needed some more time, so we wanted to let you cook. We decided to push the Phrack 72 CFP deadline back until June 15th. Stay tuned for upcoming Phrack events. Print this flyer out and give it to someone IRL!!
Delivered the aircraft carrier to @iangcarroll from seats.aero now!
My tedx talk from last year is finally on the main tedx YouTube channel! The Rise of AI Hackbots | Joseph Thacker | TEDxUKY youtu.be/Y_x6KXV1y_0?si… via @YouTube