Introduction Hi, I’m canalun (@i_am_canalun), a security researcher at GMO Flatt Security Inc. This article explores the question: “Why Does XSS Still Occur So Frequently?” We will delve into why this notorious and classic vulnerability still occurs despite the widespread adoption of built-in XSS countermeasures in modern development frameworks. The world of web development, especially frameworks, is evolving at a rapid pace, bringing improvements not only in development efficiency but also in secu...| GMO Flatt Security Research
Introduction Hello, I’m RyotaK (@ryotkak), a security engineer at GMO Flatt Security Inc. A while ago, I reported a remote code execution vulnerability that chains multiple problems in Chatwork, a popular communication tool in Japan. In the report that I sent to the bug bounty platform, I used an obsolete feature of Electron to escalate to the preload context. As the vulnerability was interesting, I’m writing this article to share the details of it.| GMO Flatt Security Research
Introduction Hello, I’m RyotaK (@ryotkak), a security engineer at GMO Flatt Security Inc. In October 2024, I was hunting bugs for the GitHub Bug Bounty program. After investigating GitHub Enterprise Server for a while, I felt bored and decided to try to find bugs on GitHub Desktop instead. After reading the source code of GitHub Desktop, I found a bug that allows a malicious repository to leak the user’s credentials. Since the concept of the bug is interesting, I decided to investigate ...| GMO Flatt Security Research
Introduction: The Art of Non-Intrusive Web Recon Hello, I’m pizzacat83 (@pizzacat83), a software engineer at Flatt Security Inc. When hunting for bugs, understanding the behavior of a target application is invaluable. The more knowledge you gain about the application—where each functionality resides, how pages and APIs interconnect—the greater your ability to pinpoint weaknesses and unravel vulnerabilities. Imagine a tool that could seamlessly assist with this process, extracting key i...| flatt.tech
Introduction Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.¹ After accessing LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it. After reading the description, I found that it states it builds new firmware using an online service.| flatt.tech
Introduction Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. In 2023, James Kettle of PortSwigger published an excellent paper titled Smashing the state machine: the true potential of web race conditions. In the paper, he introduced a new attack technique called single-packet attack that can exploit a race condition without being affected by the network jitter. Quoted from Smashing the state machine: the true potential of web race conditions. Recently, I encountered...| flatt.tech
Hello, I’m Shiga (@Ga_ryo_), a security engineer at Flatt Security Inc. In this article, I would like to give you a technical description of CVE-2021-20226 (ZDI-2021-001), which was published earlier. I discovered this vulnerability and reported it to the vendor via the Zero Day Initiative. This article is not intended to inform you of the dangers of vulnerabilities, but to share tips from a technical point of view.| flatt.tech
Introduction Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditions were satisfied. Today, affected vendors published advisories of these vulnerabilities, so I’m documenting the details here to provide more information about the vulnerabilities and minimize the confusion regarding the high CVSS score.| flatt.tech