Hi👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 12 of 86

[Cullinan #26] Add XXE (XML External Entity)

  • ~1 min read

This is Cullinan log #26. I added an XXE entry. I usually try to post once several changes have accumulated in Cullinan, but this time the gap got a bit long, so I'm posting it as a log.

Authz0 v1.1 Released 🎉

  • 1 min read

Hi security engineers and hackers! Authz0 v1.1.0 has been released 🎉 First of all, I would like to thank many of you for your good feedback.

XSS is now possible in Chrome without the open attribute.

  • ~1 min read

Among XSS vectors, there is a method that uses the ontoggle event handler together with the open attribute on the details tag. It works in Chrome, Safari, Firefox, and IE, and among on*-based XSS it is used often because it reduces user interaction relatively easily.

[Cullinan #25] Future plans

  • 1 min read

This is Cullinan log #25. Actually, this time I'm writing not so much an update log as a post to share a bit more about my future plans.

The story of my main weapons ⚔️ (ZAP and Proxify)

  • 2 min read

By Korea time there are about 30 minutes left until the new year, and this will probably be my last post of the year. It feels like it wasn't long ago that I wrote my 2020 retrospective, but 2021 and its retrospective have already gone by 😱