Tag: Penetration Testing Engagement

Black-box Penetration Testing for Blazor WebAssembly/Server Apps

How to pentest Blazor Server apps? An introduction to Blazor pentesting and how you can test a Blazor Server application. As organizations continue to adopt modern web technologies, the need for securing web applications becomes more critical than ever. One of the rapidly growing frameworks for building interactive web apps is Microsoft’s Blazor, which allows developers

How Can Open Redirect Lead to Account Takeover?

Description: During a pentesting engagement at CyberAR, I discovered an open redirect vulnerability on the login page that I was able to escalate to an account takeover. In this write-up, I’ll explain how I achieved this. Exploit Begins: Open Redirect to Account Takeover. While exploring the website, I noticed a redirect parameter on the login

Critical OTP Verification Flaw Enables Account Takeover: A Detailed Analysis

In today’s digital age, secure user authentication is paramount to protect sensitive information and maintain user trust. However, during a recent web application penetration test, I uncovered a critical security flaw in the OTP (One-Time Password) verification process of a popular web application. This vulnerability allows attackers to bypass OTP verification, potentially leading to unauthorized

How an Automation Feature in a Cloud Service Led to Accessing EC2 Metadata?

Overview: During a penetration testing engagement with CyberAR, I focused on examining the security of a cloud service’s advanced features. I discovered a Server-Side Request Forgery (SSRF) vulnerability that allowed me to expose and access AWS credentials, leading to significant security risks. What was the feature? The application provides an advanced automation feature aimed at
