Snipe-It

Finding LDAP Injection in …

Overview

Structured security code review is a practical and effective approach to finding real vulnerabilities. In this post I walk through how I applied a systematic review methodology to Snipe-IT, a popular open-source IT asset management platform, and how that approach led me directly to a …

Snipe-It

Finding LDAP Injection in …

Overview

Finding LDAP Injection in Snipe-IT

AMP Deep Extraction Open Redirect in DuckDuckGo Privacy Essentials (Firefox)

OPNsense: LDAP Injection via Unsanitized Login Username