Jan 16, 2021 | Research
This is a short explanation of a postMessage()-based XSS that I have found in the Stockdio Historical Chart WordPress plugin that can be found here. The plugin has over 1.000 active installs and a quick Google search reveals a multitude of vulnerable websites. The...
Aug 11, 2020 | Research
On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different ways to attack GraphQL instances even though these are used by a lot of big names in the industry including Facebook, GitHub,...