Open-Redirect

AMP Deep Extraction Open …

Background

I’ve been spending some time looking at browser extensions as a security target. They are interesting because they sit between the browser and the network, operate with elevated permissions, and users generally trust them implicitly. The whole point of a privacy extension is that …

Open Redirect in Prowlarr …

Background

Prowlarr is an open-source indexer manager for the *arr ecosystem (Radarr, Sonarr, Lidarr, etc.). It acts as a centralized proxy for torrent and Usenet indexers, so a typical homelab setup has it sitting alongside a media server stack with direct access to download clients and a lot of …

Open-Redirect

AMP Deep Extraction Open …

Background

Open Redirect in Prowlarr …

Background

Finding LDAP Injection in Snipe-IT

AMP Deep Extraction Open Redirect in DuckDuckGo Privacy Essentials (Firefox)

OPNsense: LDAP Injection via Unsanitized Login Username