Flash Same Origin Policy Bypass with 307 and Smelly Design - Week 2

Anti-CSRF and Bad Choices This is a very old vulnerability; however, especially with the new "AJAX friendly" Anti-CSRF tokens, this has been exploited in various ways. »

Universal IE XSS and Cross Domain Data Theft with Adobe Reader - Week 2

Internet Explorer Universal XSS We read a nice analysis of Internet Explorer Universal XSS which was disclosed on Full Disclosure last week. It is quite simple »

SOME, WebRTC, GHOST, MySQL LIMIT - Week 1

Same Origin Method Execution - SOME It's based on a talk Ben Hayak released in Black Hat 2014 - EU, Same Origin Method Execution (SOME) - »