categories
tags
Xss·Injection·Account Takeover
·
enumeration·Account Takeover
Stored XSS to Full Account Takeover: Chaining a Hybrid Markdown Parser Flaw with localStorage Token Theft
A red team case study showing how an unsanitized hybrid Markdown parser led to stored XSS, and how that XSS was chained with localStorage-based token theft to achieve full admin account takeover.
2026-07-02
85
2
7 min read
Vulnerability Research·CVE·Injection
CVE-2026-54597: Authenticated Time-Based Blind SQL Injection in ITFlow
Technical breakdown of an authenticated time-based blind SQL injection in ITFlow (GHSA-m63v-j7fw-hq2h). CVE-2026-54597.The expires parameter in agent/ajax.php bypasses sanitizeInput() entirely in a raw INTERVAL context, enabling full database exfiltration. Detailed PoC and fix analysis.
2026-06-03
467
1
7 min read
Vulnerability Research·Injection
·
enumeration·SQLI
CVE-2026-54596: Authenticated SQL Injection via recurring_invoice_frequency Parameter Enables Full Database Exfiltration
Technical breakdown of an authenticated SQL injection in ITFlow (GHSA-f9m3-qjc9-v27j). The recurring_invoice_frequency POST parameter bypasses sanitizeInput() in a DATE_ADD INTERVAL context, enabling full database exfiltration and second-order injection. Detailed PoC and fix analysis.
2026-06-03
173
0
7 min read