Portswigger Interesting Vulnerabilities Submissions

This podcast cover a range of cybersecurity vulnerabilities and attack techniques. One source details the reverse engineering of an Android application leading to a remote code execution exploit. Another explores a novel perspective on Server-Side Request Forgery for account takeover. Cross-Window Forgery, a new class of web attack exploiting HTML ID attributes, is also examined. Additionally, the increasing cyber threats to EV charging infrastructure and the role of penetration testing in mitigating them are discussed. Research into exploiting "unexploitable" aspects of Kibana, including remote code execution and prototype pollution, is presented. Furthermore, the concept of smuggling SQL injection queries at the protocol level is explored, alongside vulnerabilities in database wire protocols. DoubleClickjacking, a new UI redressing attack bypas ...