unSafe.sh - Unsafe
Securing AI Agents with Information Flow Control (Part I)
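The article examines the security risks of AI agents and stresses the importance of information flow control. By analyzing the model execution loop and the tool interaction mechanism, it reveals potential threats and argues that a security framework needs to be built. ...
2025-12-1 21:14:58 | Views: 9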
InfoSec Write-ups - Medium - infosecwriteups.com
agents
security
llm
attacker
sizeagent
A Practical Guide to Authentication and Session Management Vulnerabilities
A step-by-step breakdown of the most common Session Management Vulnerabilities
2025-12-1 06:33:25 | Views: 1
InfoSec Write-ups - Medium - infosecwriteups.com
chrome
expire
bypass
incognito
A Practical Guide to Authentication and Session Management Vulnerabilities
A step-by-step breakdown of the most common Session Management Vulnerabilities
2025-12-1 06:33:25 | Views: 2
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
chrome
expire
attackers
checklist
This article we will look into the vulnerability subdomain takeovers What makes a web app…
Let’s look into the subdomain takeover vulnerability,...
2025-11-24 09:0:35 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
cname
acme
subdomain
myapp
github
Reflected XSS with Base64 — Breaching Obscurity in Seconds
Why “security by obscurity” (yes, base64 too) is a bad idea — explained. Hi — recently I was invited t...
2025-11-24 08:56:56 | Views: 5
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
security
decoded
harden
harmful
reveal
Reflected XSS with Base64 — Breaching Obscurity in Seconds
Why “security by obscurity” (yes, base64 too) is a bad idea — explained. Hi — recently I was invited t...
2025-11-24 08:56:56 | Views: 8
InfoSec Write-ups - Medium - infosecwriteups.com
security
decoded
unlawful
obscuring
inspection
Uncovering Invisible Privileges: The Ultimate Guide to Mass-Assignment in Registration Flows
A practical walkthrough of how hidden JSON fields can expose privilege flaws in modern signup APIs
2025-11-24 05:48:26 | Views: 8
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
signup
assignment
payload
uncover
behave
Uncovering Invisible Privileges: The Ultimate Guide to Mass-Assignment in Registration Flows
A practical walkthrough of how hidden JSON fields can expose privilege flaws in modern signup APIs
2025-11-24 05:48:26 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
signup
payload
assignment
variations
mattermost
$600 Bounty: Stored XSS in Jira Service Desk Reports
How a simple “Question” field turned into a Stored XSS that executed inside Jira’s admin reports
2025-11-24 04:9:20 | Views: 8
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
widget
jira
privileged
highlights
$600 Bounty: Stored XSS in Jira Service Desk Reports
How a simple “Question” field turned into a Stored XSS that executed inside Jira’s admin reports
2025-11-24 04:9:20 | Views: 6
InfoSec Write-ups - Medium - infosecwriteups.com
widget
jira
desk
Information Disclosure in Revive Adserver v6.0.0
A single quote was all it took for verbose PHP errors to reveal MySQL versions, SQL queries, and sys...
2025-11-24 04:7:48 | Views: 12
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
revive
php
adserver
quote
database
Information Disclosure in Revive Adserver v6.0.0
A single quote was all it took for verbose PHP errors to reveal MySQL versions, SQL queries, and sys...
2025-11-24 04:7:48 | Views: 5
InfoSec Write-ups - Medium - infosecwriteups.com
revive
php
adserver
quote
database
PicoCTF Challenges: Hashcrack
Hello Cyber Enthusiasts, welcome to this blog. Today I will go through another CTF challenge on pico...
2025-11-23 08:28:4 | Views: 10
InfoSec Write-ups - Medium - infosecwriteups.com
picoctf
rockyou
sizenow
reverse
ripper
Beyond the Fear: How the Dark Web Became My Secret Weapon for a Azure AD Takeover ✨
2025-11-23 08:27:56 | Views: 24
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
boring
fiction
mega
nz
aimy
Beyond the Fear: How the Dark Web Became My Secret Weapon for a Azure AD Takeover ✨
2025-11-23 08:27:56 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
boring
techflow
sizeimage
network
grabbed
Lab 1#: Basic clickjacking with CSRF token protection | Clickjacking Lab
PortSwigger Lab. Hey my dear readers, Clickjacking (UI Redressing) is a web attack where the attacker...
2025-11-23 08:27:18 | Views: 12
InfoSec Write-ups - Medium - infosecwriteups.com
victim
opacity
h4
accaount
Secrets in JavaScript Files : What Hackers Extract
2025-11-23 08:26:44 | Views: 9
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
teamer
gold
Secrets in JavaScript Files : What Hackers Extract
2025-11-23 08:26:44 | Views: 41
InfoSec Write-ups - Medium - infosecwriteups.com
hmm
teamer
enthusiast
How I Built a Robot That Finds Broken Authorization While I Sleep
2025-11-23 08:23:31 | Views: 10
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
authmaster
meltdown
yeah
forbidden
crushing
How I Built a Robot That Finds Broken Authorization While I Sleep
2025-11-23 08:23:31 | Views: 10
InfoSec Write-ups - Medium - infosecwriteups.com
authmaster
hundredth
58432
realized