From Blind XSS to Full SQL Injection: A Deep Dive

13 min · 25 feb 2025

Beschrijving

In this episode, we dive into a major security flaw uncovered by ULTRA RED’s research team. They found a blind XSS vulnerability that through log poisoning could be escalated into a full-scale SQL injection attack. Tune in as we break down the discovery, the dangers of unsanitized inputs, and the key lessons security teams must learn to prevent similar threats.

Reacties

Wees de eerste die een reactie plaatst

Meld je nu aan en word lid van de ULTRA RED Wire: Threats Exposed community!

Probeer gratis

Alle afleveringen

2 afleveringen

From Blind XSS to Full SQL Injection: A Deep Dive

25 feb 202513 min

The Perfect Heist – How Hackers Hijacked Accounts with an Image

What if a simple image upload could let attackers take over your account? In this episode, we break down a clever exploit where hackers bypassed security controls, injected malicious JavaScript, and exfiltrated data - all while staying under the radar. From dodging CSP to abusing internal chat functions, this attack is a masterclass in chaining vulnerabilities. Tune in as we unravel how it happened and what defenders can learn from it.

31 jan 202513 min

From Blind XSS to Full SQL Injection: A Deep Dive

Beschrijving

Reacties

Probeer 14 dagen gratis

Alle afleveringen