Exploits

The Exploit: Penetration Testing Insights From The Frontlines

The Exploit articles categorized as Exploits

  • Exploiting Dirty Pipe (CVE-2022-0847)

    By Andrew Trexler

    The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation.

    May 26, 2022
  • CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)

    By Raxis Research Team

    Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.

    May 17, 2022
  • Hackers See Opportunity Where You See Only a Button

    By Brad Herring

    In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack.

    April 1, 2022
  • Cross-Site Scripting (XSS): Filter Evasion and Sideloading

    By Raxis Research Team

    In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.

    November 12, 2021
  • OWASP Top 10: Broken Access Control

    By Raxis Research Team

    In this blog post, Raxis lead penetration tester Mark Fabian discusses broken access control and why it’s the most prevalent issue among the OWASP Top 10.

    October 8, 2021
  • 2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing

    By Raxis Research Team

    The latest draft of the OWASP Top 10 has been released. Though injection is #3, Raxis’ Matt Dunn explains why that doesn’t mean the threat is any less severe.

    September 24, 2021