What a week! SAML&Ruby, PHP&XXE and so much more!
Two of my favorite things (Ruby and SAML) meet again, and another great vulnerability in ruby-saml: Sign in as anyone: Bypassing SAML SSO authentication with parser differentials.
A great article on what makes code hard to read. There's a lot of content related to code review in this blog as well, so make sure you check it out: What Makes Code Hard To Read: Visual Patterns of Complexity.
The team at ptsecurity is on fire at the moment. A great PHP/XXE tour de force: Impossible XXE in PHP. It is worth reading just for the LIBXML_NONET part...
If you want to better understand the details of the latest RCE in Tomcat, make sure to read this post: Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE