Search
1000 results for “OpenRefine”
-
Little tip for bug bounty hunters looking for an open redirect vuln.
Look for these URLs:
- ?url=
- ?link=
- ?redirect=
- ?redirecturl=
- ?redirect_uri=
- ?return=
- ?return_to=
- ?returnurl=
- ?go=
- ?goto=
- ?exit=
- ?exitpage=
- ?fromurl=
- ?fromuri=
- ?redirect_to=
- ?next=
- ?newurl=
- ?redir=
(or similar ones)
#hacking #cybersecurity #openredirect #openredirects #hacker #pentesting #bugbounty
-
Let's say we have this kind of code going on in the backend:

<?php
// takes the url parameter straight from the query string...
$red = $_GET['url'];
// ...and sends the browser there, with no check at all
header("Location: " . $red);

This code just reads whatever is in the url param, and redirects to it. It's not checked in any way. It's completely open!
So an attacker can just pass in their malicious website like so:
https://url-to-website.com/index.php?url=https://hackerman.com
(the important part is the url after the param url). And this will redirect users to the "https://hackerman.com" website.
#hacking #cybersecurity #openredirect #openredirects #hacker #pentesting #bugbounty
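As an added example (not code from the original posts), the two halves of the thread above in one script: a helper that hunts for redirect-style parameter names (the list from the "Little tip" post) in a URL, and the checked counterpart of `header("Location: " . $_GET['url'])`, written in Python rather than PHP so the check can be run standalone. The allowlist host url-to-website.com, the attacker host hackerman.com and every URL in the demo are constructed for illustration; the bypass inputs (protocol-relative `//host`, backslash, userinfo `@` and missing-slash `https:host`) are the classic ways a naive "starts with /" or "contains our domain" check is defeated.

```python
# Added example (not code from the original posts): hunting for redirect-style
# parameters in URLs, and the checked counterpart of
#   header("Location: " . $_GET['url']);
# All URLs and hostnames below are constructed for illustration.
from urllib.parse import parse_qs, urlsplit

# Parameter names commonly used to carry a post-login / post-action target
# (the list from the post above, lower-cased for matching).
REDIRECT_PARAMS = {
    "url", "link", "redirect", "redirecturl", "redirect_uri", "return",
    "return_to", "returnurl", "go", "goto", "exit", "exitpage", "fromurl",
    "fromuri", "redirect_to", "next", "newurl", "redir",
}


def find_redirect_params(url: str) -> dict[str, str]:
    """Return {name: value} for query parameters whose name suggests a redirect target."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()
            if name.lower() in REDIRECT_PARAMS}


def is_safe_redirect(target: str, allowed_hosts: set[str]) -> bool:
    """
    Return True only if `target` is a relative path on this site or an absolute
    http(s) URL whose host is exactly on the allowlist.

    Browser URL parsers are more forgiving than urlsplit(), so normalise the
    tricks they tolerate before parsing:
      - tab / CR / LF inside a URL are ignored by browsers
      - backslash is treated as a forward slash for http(s) URLs
    """
    target = target.strip()
    target = "".join(ch for ch in target if ch not in "\t\r\n")
    target = target.replace("\\", "/")
    if not target:
        return False                      # empty Location header is never useful

    try:
        parts = urlsplit(target)
    except ValueError:                    # e.g. malformed IPv6 literal
        return False
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False                      # javascript:, data:, ftp:, ...
    if parts.scheme == "" and parts.netloc == "":
        return not target.startswith("//")  # plain relative path such as /account
    # Absolute (or protocol-relative) URL: compare the parsed hostname, which
    # drops userinfo ("allowed@evil.com") and the port and lower-cases the host.
    # "https:evil.com" parses with an empty netloc, so hostname is None -> rejected.
    return parts.hostname is not None and parts.hostname in allowed_hosts


def safe_location(target: str, allowed_hosts: set[str], fallback: str = "/") -> str:
    """Value to emit in the Location header: the target if safe, else the fallback."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    allowed = {"url-to-website.com"}
    # Constructed URL with one redirect-style parameter and one unrelated one.
    print(find_redirect_params("https://url-to-website.com/login?next=/account&theme=dark"))
    for attempt in [
        "/account",
        "https://url-to-website.com/dashboard",
        "https://hackerman.com",                       # the payload from the post
        "//hackerman.com",                             # protocol-relative
        "/\\hackerman.com",                            # backslash trick
        "https://url-to-website.com@hackerman.com/",   # userinfo trick
        "https:hackerman.com",                         # missing slashes
        "javascript:alert(1)",
    ]:
        print(f"{attempt!r:45} -> {safe_location(attempt, allowed)!r}")
```

The allowlist is compared against the parsed hostname only, so a port or path on an allowed host is accepted; if the application needs to pin a port or scheme as well, compare `parts.port` and `parts.scheme` in the same place. Suffix matching ("ends with our domain") is deliberately avoided, since `url-to-website.com.hackerman.com` would pass it.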
-
First of all, what is an open redirect?
It's a fancy name for abusing an already existing redirect functionality of a website, that has no validation, sanitisation or limitation - thus open.
It basically means, an attacker can redirect users of a legitimate website, using a given functionality of that website.
#hacking #cybersecurity #openredirect #openredirects #hacker #pentesting #bugbounty
-
Let's talk about open redirects. And how they relate to session security.
If you missed the last session about session security (lol), you can read up on it here: https://infosec.exchange/@h_ackerman/112790268343255931
Or as always, check the Learning Corner on my website (or the notes) to get more info:
https://zanidd.xyz/reading-corner
1/? 🧵
#hacking #cybersecurity #openredirect #openredirects #hacker #pentesting #bugbounty
-
Spring Framework URL Parsing Vulnerability
Date: April 11, 2024
CVE: CVE-2024-22262
Vulnerability Type: Open Redirect, SSRF
CWE: [[CWE-601]], [[CWE-918]]
Sources: Spring.io, SecurityOnline.info
Issue Summary
CVE-2024-22262 is a critical vulnerability in Spring Framework's [[UriComponentsBuilder]], affecting URL parsing with host validation. This vulnerability is exposed when applications parse an externally provided URL and validate the host, potentially leading to open redirect or SSRF attacks. It is similar to previous vulnerabilities but involves a different attack vector.
[[UriComponentsBuilder]] is a component of the [[Spring Framework]] by [[VMware]] designed to build and manipulate URI components in a fluent and thread-safe manner. It supports the construction of URIs for various purposes, such as API calls and dynamic web links, including support for template variables. It plays a crucial role in developing RESTful web services and is instrumental in implementing HATEOAS principles, ensuring that applications can dynamically generate and manage URIs based on the current request context.
Technical Key findings
The flaw arises from improper handling and validation of URLs by the [[UriComponentsBuilder]]. This can be exploited by attackers to redirect users to malicious sites or execute unauthorized actions on internal systems by bypassing the host validation checks.
Vulnerable products
- Spring Framework versions:
- 6.1.0 to 6.1.5
- 6.0.0 to 6.0.18
- 5.3.0 to 5.3.33
- Also, older unsupported versions
Impact assessment
Exploitation of this vulnerability can lead to significant security breaches, including data theft, unauthorized system access, and severe operational disruption.
Patches or workaround
Patches have been issued for affected Spring Framework versions:
- 6.1.x to 6.1.6
- 6.0.x to 6.0.19
- 5.3.x to 5.3.34
Organizations using affected versions are urged to update immediately to mitigate risks.
Tags
#SpringFramework #CVE-2024-22262 #OpenRedirect #SSRF #CyberSecurity
-
Authors sending confidential author-AE concerns about *every reviewer*: check!
-
Request your next #PREreview directly from @biorxivpreprint and @redescielo Preprints! Learn more about our new, collaborative efforts using the #COAR Notify Protocol to deliver timely, open feedback to preprint authors: https://content.prereview.org/request-a-review/ 🎉
-
Bridging performance gap between minimal and maximal SVM models
Ondrej Such, René Fabricius
-
FASTRAIN-GNN: Fast and Accurate Self-Training for Graph Neural Networks
Amrit Nagarajan, Anand Raghunathan
-
Very interesting work by Confavreux and colleagues on #MetaLearning families of #plasticity rules in #RecurrentSpikingNetworks using simulation-based inference 👌
🌍 https://openreview.net/forum?id=FLFasCFJNo
#RSN #CompNeuro #Neuroscience #NeurIPS2023 #SynapticPlasticity #SpikingNeuronalNetwork #SNN
-
Integrating Bayesian Network Structure into Residual Flows and Variational Autoencoders
Jacobie Mouton, Rodney Stephen Kroon
-
Sparse Coding with Multi-layer Decoders using Variance Regularization
Katrina Evtimova, Yann LeCun
-
Bayesian Causal Bandits with Backdoor Adjustment Prior
Jireh Huang, Qing Zhou
-
Call for @joss reviewers:
EdgeVPN.io
repo: https://github.com/EdgeVPNio/evio
pre-review: https://github.com/openjournals/joss-reviews/issues/6355
language: Python
Description:
EdgeVPN.io is an evolution of the IP-over-P2P (IPOP) project. IPOP started as an IP-based peer-to-peer overlay targeting personal devices, and over time the architecture evolved to adopt various standards, support centralized user/group management, and incorporate software-defined networking, culminating in the current architecture, tailored for research and development in nascent edge computing applications.
...
EdgeVPNio is a research project to build networking for the fog, spanning the network continuum from the cloud to its edge. It builds networking cyber-infrastructure which supports emerging IoT era applications.
Looks like this one might be a bit of fun for #p2p people, or i suppose #DistributedSystems people generally. No prior experience reviewing for JOSS is required, experience with Python is required, and some experience with the topic area is preferred. Don't be shy! If you've never done open review before, JOSS is a great place to start. It's a really good way to learn by teaching (or learn by reading!) in a collaborative context. You can reply here or on the pre-review issue to volunteer :)
edit: would love to have some infosec people on this one! even and especially if you are not in academia :)
-
Stacking Diverse Architectures to Improve Machine Translation
Andrea Schioppa, Nal Kalchbrenner
-
First paper of a PhD student in our team.
It is a preprint #OpenAccess and #OpenReview paper, so you can comment online. It is about correcting for alignment with rotation axis of the main inertial axis of the Earth in a #simulation of Mantle #convection. We need this to get plausible heat flux maps for later #geodynamo simulations.
https://egusphere.copernicus.org/preprints/2022/egusphere-2022-1172/
-
Target Propagation via Regularized Inversion for Recurrent Neural Networks
Vincent Roulet, Zaid Harchaoui
-
Still looking for a second reviewer for @pyOpenSci
Package: automata
review: https://github.com/pyOpenSci/software-submission/issues/152
repo: https://github.com/caleb531/automata
description: A Python library for simulating finite automata, pushdown automata, and Turing machines.
Open reviews are a great way to learn by teaching, see what other people are up to, and make software development a valued and creditable part of academic work. Anyone with familiarity with Python is welcome as a reviewer, experience in the topic domain is a bonus but not required. DM me or reply on the above issue, it's fun, i promise! :)
edit: reviewer found! thank you @iris <3
#PeerReview #SoftwareReview #OpenReview #Python #Automata #TuringMachines #CellularAutomata
-
Black-Box Batch Active Learning for Regression
Andreas Kirsch
Action editor: Ying Nian Wu.
-
We are very proud ✨ to be one of the supporting partners of the annual #Wikimedia2023 global conference, this year in #Singapore 🇸🇬 from 16-19 August.
Stay tuned for schedule details coming 🔜 – @okfn will host 2️⃣ online sessions, on the #OpenDefinition and on #FrictionlessData.
Register now: https://eventyay.com/e/8f889410?code=PartnershipsWM2023
-
Learning Energy Conserving Dynamics Efficiently with Hamiltonian Gaussian Processes
Magnus Ross, Markus Heinonen
-
This new paper by @agrinsted (or rather #preprint, it's in #EGUSphere for #TheCryosphere in #OpenReview) is the first one to be submitted under our new #PRECISE project on #IceSheets + #SeaLevel - that officially kicks off next week. It was a very welcome return to the field of #crevasses #Ice + #Fracture that I worked on for my PhD.
Really nice work by Aslak and a clue as to what we're going to be working on the next few years! https://fediscience.org/@agrinsted/111092753792668775