Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

Articles Categorized as Exploits

  • CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
    CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
    Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.
    Read More
  • Submit Button
    Hackers See Opportunity Where You See Only a Button
    In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack.
    Read More
  • Cross-Site Scripting: Filter Evasion & Sideloading Payloads
    Cross-Site Scripting (XSS): Filter Evasion and Sideloading
    In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.
    Read More
  • 2021 OWASP Top 10
    OWASP Top 10: Broken Access Control
    In this blog post, Raxis lead penetration tester Mark Fabian discusses broken access control and why it’s the most prevalent issue among the OWASP Top 10.
    Read More
  • 2021 OWASP Top 10
    2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing
    The latest draft of the OWASP Top 10 has been released. Though injection is #3, Raxis’ Matt Dun explains why that doesn’t mean the threat is any less severe.
    Read More
  • Unescaped JavaScript Tags
    ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)
    Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).
    Read More