Awesome explanation of the entire vulnerability/CVE process. Thank you for taking the time to explain the entire process you went through.
Excellent content! I love that you cover both sides of the CVE, red and blue!!! Thank you! Did you find this CVE as part of a bug bounty program or other process? I've written some code in a framework I had built that sends reports when users enter anything that looks malicious, in addition to removing the offending code or blocking the post or update. 🙂
As a pentester, I have time occasionally when I am not working directly with a client, and I usually use that time for researching open-source projects to help make them more secure :)
Very inspiring Tyler. You did a great job. ❤
CVE-2024-23724 in Ghost CMS allowed for Stored XSS in profile pictures, potentially leading to an adversary taking over the Owner account. Although the vendor did not issue an official patch, a Pull Request was made for users to secure against this CVE themselves. This vulnerability highlighted the importance of code reviews and proactive patching processes to address security issues in widely used platforms like Ghost CMS.
This is brilliant!
Is this still doable? (I want to choose this security leak for a school project, I'm in my second year in software development)
For a presentation I would need to show the exploit.
It should be!
I wonder why you put "localhost" as the argument for target? I've tried my base domain for the site and localhost, but both return an error where the PC denied access. Would this be an issue with my personal firewalls or VPN? @TylerRamsbey
Thank you for your efforts! Great work. Good karma!
Hey Tyler, 1 request is to make things on your screen bigger; not everyone has great eyesight.
Awesome
This is the type of guy to catch my hacker who hacks my dating apps, just so he can get another CVE.
Deserves more views
Oh no, he just spelled JIF 🙈. But it's still informative and interesting. Thank you.