Research Worth Reading Week 01/2026

Published: 06 Jan 2026

XS Leaks, arithmetic bugs & CVE deep dives.

💧 Cross-Site ETag Length Leak

An amazing CTF write-up on XS Leaks. Make sure you also read the unintended solution linked at the bottom of the page: Cross-Site ETag Length Leak.

🛠️ Detect Go's silent arithmetic bugs with go-panikint

A new tool from the team at Trail of Bits to detect arithmetic bugs in Go: Detect Go's silent arithmetic bugs with go-panikint.

💎 Ruby Array Pack Bleed

Luke Jahnke is back with the first bug in Ruby 4: Ruby Array Pack Bleed.

🛒 CVE-2025-61922: Zero-Click Account Takeover on PrestaShop

A great CVE analysis on CVE-2025-61922. Funnily enough, I quickly discussed this bug in a recent talk on how to learn from CVE analysis: CVE-2025-61922: Zero-Click Account Takeover on PrestaShop.

💉 The return to blogging and a blind SQL injection

Another CVE analysis, inspired by my blog post: The return to blogging and a blind SQL injection.

Written by PentesterLab
The platform to learn web hacking and security code review