From Blind XSS to Full SQL Injection: A Deep Dive

From Blind XSS to Full SQL Injection: A Deep Dive

In this episode, we dive into a major security flaw uncovered by ULTRA RED’s research team. They found a blind XSS vulnerability that through log poisoning could be escalated into a full-scale SQL injection attack. Tune in as we break down the discovery, the dangers of unsanitized inputs, and the key lessons security teams must learn to prevent similar threats.

The Perfect Heist – How Hackers Hijacked Accounts with an Image

What if a simple image upload could let attackers take over your account? In this episode, we break down a clever exploit where hackers bypassed security controls, injected malicious JavaScript, and exfiltrated data - all while staying under the radar. From dodging CSP to abusing internal chat functions, this attack is a masterclass in chaining vulnerabilities. Tune in as we unravel how it happened and what defenders can learn from it.