security research
iltosec
ILTOSEC
writeups & research

Blog

RSS
4 posts
/
categories
tags
Web Application Security·Business logic · enumeration·payment security
From Good Disclosure to Silence, A Business Logic Price Manipulation Story
A business logic vulnerability allowed arbitrary price manipulation during checkout on an e-commerce platform. The fix landed quickly, the vendor's silence afterward did not.
2026-07-06
76 2 5 min read
Xss·Injection·Account Takeover · enumeration·Account Takeover
Stored XSS to Full Account Takeover: Chaining a Hybrid Markdown Parser Flaw with localStorage Token Theft
A red team case study showing how an unsanitized hybrid Markdown parser led to stored XSS, and how that XSS was chained with localStorage-based token theft to achieve full admin account takeover.
2026-07-02
85 2 7 min read
Vulnerability Research·Injection · enumeration·SQLI
CVE-2026-54596: Authenticated SQL Injection via recurring_invoice_frequency Parameter Enables Full Database Exfiltration
Technical breakdown of an authenticated SQL injection in ITFlow (GHSA-f9m3-qjc9-v27j). The recurring_invoice_frequency POST parameter bypasses sanitizeInput() in a DATE_ADD INTERVAL context, enabling full database exfiltration and second-order injection. Detailed PoC and fix analysis.
2026-06-03
173 0 7 min read
Vulnerability Research·CVE · CVE·enumeration
CVE-2026-55476: Snipe-IT Unauthorized Asset Request Cancellation via cancel_by_admin IDOR
Technical writeup of CVE-2026-55476 in Snipe-IT <= v8.5.0. Any authenticated user can cancel other users asset requests via a missing authorization check on the cancel_by_admin URL parameter.
2026-05-28
99 3 3 min read