Pentesting Fast Infoset based web applications with Burp

Pentesting Fast Infoset based web applications with Burp

If you run into a .NET application you sometimes end up with some not very well known protocols like WCF Binary protocol or, in a recent case, a Fast Infoset binary encoding - a binary encoding of the XML Infoset and an alternative to the usual text-based XML Infoset encoding ... Read More
VMware vCenter Unauthenticated RCE using CVE-2017-5638 (Apache Struts 2 RCE)

VMware vCenter Unauthenticated RCE using CVE-2017-5638 (Apache Struts 2 RCE)

<servlet-mapping> <servlet-name>StatsChartServlet</servlet-name> <url-pattern>/StatsChartServlet</url-pattern> </servlet-mapping> ... Read More