https://nstsec.com/it/tags/privesc/ Recent content in Privesc on nstsec.com https://nstsec.com/images/index.png https://nstsec.com/images/index.png Hugo it Wed, 30 Dec 2020 11:19:29 +0200 https://nstsec.com/it/posts/xwiki-xss-cve-2020-13654/ Wed, 30 Dec 2020 11:19:29 +0200 https://nstsec.com/it/posts/xwiki-xss-cve-2020-13654/ Come ho scoperto una Stored XSS in XWiki Platform < 12.8, perché il flag HttpOnly mi ha impedito il furto di cookie e come ho dovuto riorientare l'attacco verso una privilege escalation via CSRF, fino ad ottenere la mia prima CVE dal MITRE.