WRITEUP #1461

GitHub Security Lab audited DataHub: Here’s what they found

SSRF, Insecure deserialization, Cypher injection, Authentication bypass, Authorization bypass, XSS, Open redirect, JWT, JSON injection, Cryptographic issues, Session expiration issue, Security code review
by @pwntester (Alvaro Muñoz)
Program: DataHub
Published: Mar 3, 2023
Added to HackDex: Mar 6, 2023
Read Full Writeup: https://github.blog/2023-03-03-github-security-lab-audited-datahub-heres-what-they-found/
RELATED WRITEUPS
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
RCE, Confusion attack
Getting code execution on Veeam through CVE-2023-27532
RCE, Insecure deserialization
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSS, Reflected XSS
IIS welcome page to source code review to LFI!
SSRF, LFI
NTLM Credential Theft in Python Windows Applications
SSRF, NTLMv2 hash disclosure

Built with ❤️ by Shubham Rawat