Submissions by pentestercrab

New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails

Escaping Ruby's Gem:SafeMarshal Sandbox

Escaping Ruby's Gem:SafeMarshal Sandbox

RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte

CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons

Shiny Vulnerabilities in R's Most Popular Web Framework

PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos

Cross-Site Post Requests Without a Content-Type Header – CSRF Attack

Execute commands by sending JSON? Ruby deserialization vulnerabilities

JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review

Chosen-Prefix Collisions on AES-Like Hashing

Ruby 3.4 Universal RCE Deserialization Gadget Chain

Ruby's String Slice is Broken

Evaluate Markdown code blocks within Vim

SQL Injection Polyglot Payloads

Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall

Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall

Fuzz Map – fuzzer for GUIs that automatically builds a visual map

nastystereo.com

A Single File Ruby on Rails Application

Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402

Judge0 Sandbox Escape – allows obtaining root permissions

Discovering Deserialization Gadget Chains in Rubyland

Blind CSS Exfiltration: exfiltrate unknown web pages