Conversation
buherator

buherator

I guess I have to add another item to my "reflective XSS exploited in the wild" list (still less than 5 elements though)

https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
3
2
4
raptor@infosec.exchange

Marco Ivaldi

Reply to @buherator

@buherator LOL I have the same bias against reflected XSS 😅

0
1
0
ret2bed@infosec.exchange

ret2bed is hacking web apps verified

Reply to @buherator

@buherator it's the second I am aware of but I'm out of the loop in regards to breaches nowadays.

1
1
1
buherator

buherator

Reply to @ret2bed@infosec.exchange
@ret2bed Do you have a link? I remember one affecting the issue tracker of Apache, but coldn't find it. I'm thinking about creating a tracking repo similar to AVPWN.

/cc @raptor
1
0
0
ret2bed@infosec.exchange

ret2bed is hacking web apps verified

Reply to @buherator

@buherator @raptor that was exactly the one I was thinking about. It's been ages. Unfortunately I don't have a link but I can check

1
1
0
ret2bed@infosec.exchange

ret2bed is hacking web apps verified

Reply to @ret2bed@infosec.exchange

@buherator @raptor That was the one I was aware of: https://www.zdnet.com/article/apache-org-hit-by-targeted-xss-attack-passwords-compromised/

1
2
0
buherator

buherator

Reply to @ret2bed@infosec.exchange
@ret2bed @raptor Perfect, thank you!
1
0
2
ret2bed@infosec.exchange

ret2bed is hacking web apps verified

Reply to @buherator

@buherator @raptor you're welcome!

0
1
1
Moon@shitposter.club

Sexy Moon

Reply to @buherator
Zimbra is junk now
0
0
0
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.