categories
tags
Web Application Security·Business logic
·
enumeration·payment security
From Good Disclosure to Silence, A Business Logic Price Manipulation Story
A business logic vulnerability allowed arbitrary price manipulation during checkout on an e-commerce platform. The fix landed quickly, the vendor's silence afterward did not.
2026-07-06
76
2
5 min read
Xss·Injection·Account Takeover
·
enumeration·Account Takeover
Stored XSS to Full Account Takeover: Chaining a Hybrid Markdown Parser Flaw with localStorage Token Theft
A red team case study showing how an unsanitized hybrid Markdown parser led to stored XSS, and how that XSS was chained with localStorage-based token theft to achieve full admin account takeover.
2026-07-02
85
2
7 min read
Vulnerability Research·Injection
·
enumeration·SQLI
CVE-2026-54596: Authenticated SQL Injection via recurring_invoice_frequency Parameter Enables Full Database Exfiltration
Technical breakdown of an authenticated SQL injection in ITFlow (GHSA-f9m3-qjc9-v27j). The recurring_invoice_frequency POST parameter bypasses sanitizeInput() in a DATE_ADD INTERVAL context, enabling full database exfiltration and second-order injection. Detailed PoC and fix analysis.
2026-06-03
173
0
7 min read
Vulnerability Research·CVE
·
CVE·enumeration
CVE-2026-55476: Snipe-IT Unauthorized Asset Request Cancellation via cancel_by_admin IDOR
Technical writeup of CVE-2026-55476 in Snipe-IT <= v8.5.0. Any authenticated user can cancel other users asset requests via a missing authorization check on the cancel_by_admin URL parameter.
2026-05-28
99
3
3 min read