Hi there 👋
I am happy to welcome you to my blog, where I discuss cyber security, particularly DAST and web security vulnerabilities.
For more information, see my LinkedIn profile.
TLDR > Optimize Zaproxy as an authorized crawler for Lotus using its scripting and automation framework

List of Content
Introduction
What’s Zaproxy
Scripting Works
Exporting custom sitemap in JSON output
Using the Output with Lotus

Introduction
Zaproxy is a powerful security automation tool with numerous hidden features. In this blog post we will explore its capabilities for authentication, crawling, scoping, and utilizing the results in another tool. Specifically, we will focus on using Lotus, a tool that supports custom sitemap JSON format, to efficiently scan full requests...
Hey :smiley: In this blog I’m going to tell you how I was able to kill/DoS any Gitea server. I discovered this bug in Gitea version 1.14.2 in 2021, which was fixed in 1.14.3 by the Gitea team. Please note that I wasn’t targeting Gitea at all; I was doing some bug bounty hunting on a private target. That target’s staging-dev.target.com has Gitea on it and I thought, “Okay, I think there’s CVEs for that product” and yeah, I found some, but unfortunately the POC isn’t included in the CVE report (only the PR on GitHub)...