Nice to see Maxence Schmitt's CSPT research (a nominee for #PortSwigger's top 10 web hacking techniques for 2024) getting a shout out on the Critical Thinking Bug Bounty podcast!

Check out the review and comments here: https://youtu.be/3rkg1CUDpjA?si=yu4AtH6eLwu0F5n8&t=2687

#doyensec #appsec #security #CSPT2CSRF

Announcing our new cohost... (Ep. 106)

Taking his previous research to the next level, our Maxence Schmitt explores how to bypass various upload restrictions to exploit client-side path traversal. Read about it in our latest blog post today!

https://blog.doyensec.com/2025/01/09/cspt-file-upload.html

#doyensec #appsec #cspt #cspt2csrf

Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal · Doyensec's Blog

This appears to be a nice #CSPT2CSRF find in the wild: https://www.linkedin.com/posts/michelin-is-digital_grafana-cve-20235123-write-up-activity-7245392504194232324-SB9m/

If you're interested in finding vulnerabilities like these, check out this previous post from our own Maxence Schmitt:

https://blog.doyensec.com/2024/07/02/cspt2csrf.html

#doyensec #appsec #security

CSRF in modern web apps? It's still possible! Our latest research by Maxence Schmitt dives into using Client-Side Path Traversal to perform CSRF. Check out our latest blog post and brand new #Burp extension for finding bugs.

#doyensec #appsec #CSPT2CSRF

https://blog.doyensec.com/2024/07/02/cspt2csrf.html

Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF · Doyensec's Blog