Identifying and Exploiting Unsafe Deserialization in Ruby Introduction

A while back i wrote a blog post about a deserialization issue in XMLRPC in ruby
medium.com/bugbountywri...

👋

Personal preference, this is my favourite feature on x

Polyphemus, by Johann Heinrich Wilhelm Tischbein, 1802 (Landesmuseum Oldenburg), depicting the one-eyed giant son of Poseidon and Thoosa in Greek mythology.

Reposting my evergreens.🎄

Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on honoki.net/2018/12/12/f...

#bugbounty #writeup #xxe #ssrf

@bsky.app please add a setting for disabling media rendering on feed. Thank you

Rich man problems :D

The good old cracking the lense or something new ?