WRITEUP #731

crewjam/saml - IdP XSS Via Missing Binding Syntax Validation In ACS Location

XSS, SAML, Security code review
by @lacerenza_fra (Francesco Lacerenza)
Program: Crewjam
Published: Oct 17, 2023
Added to HackDex: Feb 1, 2024
Read Full Writeup: https://doyensec.com/resources/Doyensec_SecurityAdvisory_crewjam_saml_Q32023.pdf
