sh1yo’s blog

[socket.io] Cross-Site Websockets Hijacking


The socket.io module was vulnerable to a cross-site WebSocket hijacking attack due to incorrect parsing of the HTTP Origin header.

SEC-596


Invalid UTF-8 characters could trigger cPanel to use the Legacy Login page. This page did not adequately encode output, which could allow an attacker to inject arbitrary JavaScript code into the rendered page.